package oracle.security.xmlsec.wss;

import java.io.IOException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.soap.AttachmentPart;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeaderElement;
import javax.xml.soap.SOAPMessage;
import javax.xml.transform.TransformerException;
import oracle.security.xmlsec.dsig.ReferenceException;
import oracle.security.xmlsec.dsig.SigningException;
import oracle.security.xmlsec.dsig.VerifyException;
import oracle.security.xmlsec.dsig.XSAlgorithmIdentifier;
import oracle.security.xmlsec.dsig.XSKeyInfo;
import oracle.security.xmlsec.dsig.XSReference;
import oracle.security.xmlsec.dsig.XSSignature;
import oracle.security.xmlsec.dsig.XSSignedInfo;
import oracle.security.xmlsec.enc.XECipherData;
import oracle.security.xmlsec.enc.XEDataReference;
import oracle.security.xmlsec.enc.XEEncryptedData;
import oracle.security.xmlsec.enc.XEEncryptedKey;
import oracle.security.xmlsec.enc.XEEncryptionMethod;
import oracle.security.xmlsec.enc.XEException;
import oracle.security.xmlsec.enc.XEKeyInfo;
import oracle.security.xmlsec.enc.XEReferenceList;
import oracle.security.xmlsec.enc.XEncUtils;
import oracle.security.xmlsec.keys.KeyInfoData;
import oracle.security.xmlsec.keys.KeyUtils;
import oracle.security.xmlsec.keys.X509Data;
import oracle.security.xmlsec.keys.retrieval.KeyRetrievalException;
import oracle.security.xmlsec.keys.retrieval.KeyRetriever;
import oracle.security.xmlsec.saml.Assertion;
import oracle.security.xmlsec.saml.AuthorityBinding;
import oracle.security.xmlsec.saml.SAMLInitializer;
import oracle.security.xmlsec.saml2.util.SAML2Initializer;
import oracle.security.xmlsec.transform.TransformationException;
import oracle.security.xmlsec.util.URIManager;
import oracle.security.xmlsec.util.XMLElement;
import oracle.security.xmlsec.util.XMLNode;
import oracle.security.xmlsec.util.XMLUtils;
import oracle.security.xmlsec.wss.kerberos.KerberosBinarySecurityToken;
import oracle.security.xmlsec.wss.kerberos.KerberosKeyIdentifier;
import oracle.security.xmlsec.wss.saml.SAMLAssertionKeyIdentifier;
import oracle.security.xmlsec.wss.saml.SAMLAssertionKeyIdentifierResolver;
import oracle.security.xmlsec.wss.saml.SAMLAssertionKeyIdentifierResolverException;
import oracle.security.xmlsec.wss.saml.SAMLAssertionToken;
import oracle.security.xmlsec.wss.saml2.SAML2AssertionKeyIdentifier;
import oracle.security.xmlsec.wss.saml2.SAML2AssertionKeyIdentifierResolver;
import oracle.security.xmlsec.wss.saml2.SAML2AssertionKeyIdentifierResolverException;
import oracle.security.xmlsec.wss.saml2.SAML2AssertionToken;
import oracle.security.xmlsec.wss.swa.SWAUtil;
import oracle.security.xmlsec.wss.username.KeyDerivationException;
import oracle.security.xmlsec.wss.username.KeyDerivator;
import oracle.security.xmlsec.wss.username.UsernameToken;
import oracle.security.xmlsec.wss.util.WSSEncryptionParams;
import oracle.security.xmlsec.wss.util.WSSInitializer;
import oracle.security.xmlsec.wss.util.WSSUtils;
import oracle.security.xmlsec.wss.util.WSSignatureParams;
import oracle.security.xmlsec.wss.x509.X509BinarySecurityToken;
import oracle.security.xmlsec.wss.x509.X509IssuerSerial;
import oracle.security.xmlsec.wss.x509.X509KeyIdentifier;
import oracle.security.xmlsec.wss.x509.X509KeyIdentifierResolver;
import oracle.security.xmlsec.wss.x509.X509KeyIdentifierResolverException;
import org.jaxen.JaxenException;
import org.jaxen.SimpleVariableContext;
import org.jaxen.dom.DOMXPath;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:oracle/security/xmlsec/wss/WSSecurity.class */
public class WSSecurity extends XMLElement {
    /**
     * Creates a Security header element in a newly created document and appends it to that
     * document as a child node.
     *
     * @param str value stored in the {@code WSSURI.WSU_ID} attribute; when {@code null} the
     *            attribute is not set
     * @return the wrapper for the new element, already attached to its owner document
     */
    public static WSSecurity newInstance(String str) {
        WSSecurity header = new WSSecurity(XMLUtils.createDocument(), str);
        Document owner = header.getOwnerDocument();
        owner.appendChild(header.node);
        return header;
    }

    /**
     * Creates a Security header element owned by the given document.
     * Nothing in this method attaches the element to the document tree.
     *
     * @param document the document that will own the new element
     * @return the wrapper for the new element
     */
    public static WSSecurity newInstance(Document document) {
        WSSecurity header = new WSSecurity(document);
        return header;
    }

    /**
     * Adds a new Security header element to the Header of the given SOAP envelope and wraps it.
     *
     * <p>The element name is built from {@code WSSURI.SECURITY}, the default prefix registered
     * for {@code WSSURI.ns_wsse}, and that namespace.
     *
     * @param sOAPEnvelope the envelope whose header receives the new element
     * @return the wrapper for the element that was added
     * @throws SOAPException if the SAAJ calls fail
     */
    public static WSSecurity newInstance(SOAPEnvelope sOAPEnvelope) throws SOAPException {
        // NOTE(review): getHeader() is dereferenced without a null check; an envelope without a
        // Header element would fail here with a NullPointerException.
        SOAPHeaderElement added = sOAPEnvelope.getHeader().addHeaderElement(
                sOAPEnvelope.createName(WSSURI.SECURITY, XMLElement.getDefaultNSPrefix(WSSURI.ns_wsse), WSSURI.ns_wsse));
        return new WSSecurity((Element) added);
    }

    /**
     * Creates a Security header element owned by the given document, optionally carrying an ID.
     *
     * @param document the document that will own the new element
     * @param str      value for the {@code WSSURI.WSU_ID} attribute; skipped when {@code null}
     * @return the wrapper for the new element
     */
    public static WSSecurity newInstance(Document document, String str) {
        WSSecurity header = new WSSecurity(document, str);
        return header;
    }

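    /**
     * Collects every Security header element found in the SOAP header of the envelope.
     *
     * <p>All header elements are examined regardless of the actor they are addressed to; deciding
     * which of the returned headers this node should process is left to the caller.
     *
     * @param sOAPEnvelope the envelope to scan
     * @return the matching headers in iteration order; an empty array when the envelope has no
     *         Header element or no Security header
     * @throws SOAPException if the SAAJ header cannot be obtained
     */
    public static WSSecurity[] getAllSecurityHeaders(SOAPEnvelope sOAPEnvelope) throws SOAPException {
        List<WSSecurity> found = new ArrayList<WSSecurity>();
        // SAAJ returns null from getHeader() when the envelope carries no Header element.
        javax.xml.soap.SOAPHeader header = sOAPEnvelope.getHeader();
        if (header == null) {
            return new WSSecurity[0];
        }
        Iterator headerElements = header.examineAllHeaderElements();
        while (headerElements.hasNext()) {
            SOAPHeaderElement candidate = (SOAPHeaderElement) headerElements.next();
            // Constant-first comparison: an element parsed from an incoming message may report a
            // null namespace URI or local name, which must not abort the scan.
            if (WSSURI.SECURITY.equals(candidate.getLocalName()) && WSSURI.ns_wsse.equals(candidate.getNamespaceURI())) {
                found.add(new WSSecurity((Element) candidate));
            }
        }
        return found.toArray(new WSSecurity[found.size()]);
    }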

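    /**
     * Collects the Security header elements that SAAJ reports for the given actor.
     *
     * @param sOAPEnvelope the envelope to scan
     * @param str          the actor URI handed to {@code examineHeaderElements}
     * @return the matching headers in iteration order; an empty array when the envelope has no
     *         Header element or no Security header for that actor
     * @throws SOAPException if the SAAJ header cannot be obtained
     */
    public static WSSecurity[] getSecurityHeaders(SOAPEnvelope sOAPEnvelope, String str) throws SOAPException {
        List<WSSecurity> found = new ArrayList<WSSecurity>();
        // SAAJ returns null from getHeader() when the envelope carries no Header element.
        javax.xml.soap.SOAPHeader header = sOAPEnvelope.getHeader();
        if (header == null) {
            return new WSSecurity[0];
        }
        Iterator headerElements = header.examineHeaderElements(str);
        while (headerElements.hasNext()) {
            SOAPHeaderElement candidate = (SOAPHeaderElement) headerElements.next();
            // Constant-first comparison: an element parsed from an incoming message may report a
            // null namespace URI or local name, which must not abort the scan.
            if (WSSURI.SECURITY.equals(candidate.getLocalName()) && WSSURI.ns_wsse.equals(candidate.getNamespaceURI())) {
                found.add(new WSSecurity((Element) candidate));
            }
        }
        return found.toArray(new WSSecurity[found.size()]);
    }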

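    /**
     * Collects the Security header elements that SAAJ reports as mustUnderstand for the given
     * actor.
     *
     * @param sOAPEnvelope the envelope to scan
     * @param str          the actor URI handed to {@code examineMustUnderstandHeaderElements}
     * @return the matching headers in iteration order; an empty array when the envelope has no
     *         Header element or no such Security header
     * @throws SOAPException if the SAAJ header cannot be obtained
     */
    public static WSSecurity[] getMustUnderstandSecurityHeaders(SOAPEnvelope sOAPEnvelope, String str) throws SOAPException {
        List<WSSecurity> found = new ArrayList<WSSecurity>();
        // SAAJ returns null from getHeader() when the envelope carries no Header element.
        javax.xml.soap.SOAPHeader header = sOAPEnvelope.getHeader();
        if (header == null) {
            return new WSSecurity[0];
        }
        Iterator headerElements = header.examineMustUnderstandHeaderElements(str);
        while (headerElements.hasNext()) {
            SOAPHeaderElement candidate = (SOAPHeaderElement) headerElements.next();
            // Constant-first comparison: an element parsed from an incoming message may report a
            // null namespace URI or local name, which must not abort the scan.
            if (WSSURI.SECURITY.equals(candidate.getLocalName()) && WSSURI.ns_wsse.equals(candidate.getNamespaceURI())) {
                found.add(new WSSecurity((Element) candidate));
            }
        }
        return found.toArray(new WSSecurity[found.size()]);
    }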

    /**
     * Creates a new Security element in the {@code WSSURI.ns_wsse} namespace, owned by the given
     * document, and declares the default prefix for that namespace on it.
     *
     * @param document the document that will own the new element
     */
    WSSecurity(Document document) {
        super(document, WSSURI.ns_wsse, WSSURI.SECURITY);
        addNSPrefixAttr(XMLElement.getDefaultNSPrefix(WSSURI.ns_wsse), WSSURI.ns_wsse);
    }

    /**
     * Creates a new Security element owned by the given document and, when an ID is supplied,
     * stores it in the {@code WSSURI.WSU_ID} attribute.
     *
     * @param document the document that will own the new element
     * @param str      the ID value, or {@code null} to leave the attribute unset
     */
    WSSecurity(Document document, String str) {
        this(document);
        if (str == null) {
            return;
        }
        setAttribute(WSSURI.WSU_ID, str);
    }

    /**
     * Wraps an existing DOM element as a Security header.
     *
     * <p>No check of the element's name or namespace is made in this constructor; callers that
     * wrap elements taken from a received message are expected to have matched them first.
     *
     * @param element the element to wrap
     */
    public WSSecurity(Element element) {
        super(element);
    }

    /**
     * Wraps an existing DOM element as a Security header, forwarding the extra string to the
     * {@code XMLElement} superclass constructor.
     *
     * @param element the element to wrap
     * @param str     passed through to the superclass; presumably the system ID used to resolve
     *                relative URIs (TODO confirm against XMLElement)
     */
    public WSSecurity(Element element, String str) {
        super(element, str);
    }

    /**
     * Creates a signature object in this header's owner document and gives it this header's
     * system ID. The signature is not inserted into the header by this method.
     *
     * @param str passed to {@code XSSignature.newInstance} (presumably the signature's Id; confirm)
     * @return the new, detached signature
     */
    public XSSignature createSignature(String str) {
        XSSignature signature = XSSignature.newInstance(getOwnerDocument(), str);
        signature.setSystemId(this.systemId);
        return signature;
    }

    /**
     * Inserts a username token into this header through {@code WSSUtils.prependChild}.
     *
     * <p>A token owned by a different document is deep-imported into this header's document
     * first; the caller's original token object is left in its own document.
     *
     * @param usernameToken the token to add
     */
    public void addUsernameToken(UsernameToken usernameToken) {
        UsernameToken local = (getOwnerDocument() == usernameToken.getOwnerDocument())
                ? usernameToken
                : new UsernameToken((Element) getOwnerDocument().importNode(usernameToken.getNode(), true));
        WSSUtils.prependChild(this, local.getNode());
    }

    /**
     * Inserts an X.509 binary security token into this header through
     * {@code WSSUtils.prependChild}.
     *
     * <p>A token owned by a different document is deep-imported into this header's document
     * first; the caller's original token object is left in its own document.
     *
     * @param x509BinarySecurityToken the token to add
     */
    public void addX509CertificateToken(X509BinarySecurityToken x509BinarySecurityToken) {
        X509BinarySecurityToken local = (getOwnerDocument() == x509BinarySecurityToken.getOwnerDocument())
                ? x509BinarySecurityToken
                : new X509BinarySecurityToken((Element) getOwnerDocument().importNode(x509BinarySecurityToken.getNode(), true));
        WSSUtils.prependChild(this, local.getNode());
    }

    /**
     * Inserts a Kerberos binary security token into this header through
     * {@code WSSUtils.prependChild}.
     *
     * <p>A token owned by a different document is deep-imported into this header's document
     * first; the caller's original token object is left in its own document.
     *
     * @param kerberosBinarySecurityToken the token to add
     */
    public void addKerberosToken(KerberosBinarySecurityToken kerberosBinarySecurityToken) {
        KerberosBinarySecurityToken local = (getOwnerDocument() == kerberosBinarySecurityToken.getOwnerDocument())
                ? kerberosBinarySecurityToken
                : new KerberosBinarySecurityToken((Element) getOwnerDocument().importNode(kerberosBinarySecurityToken.getNode(), true));
        WSSUtils.prependChild(this, local.getNode());
    }

    /**
     * Inserts a SAML assertion token into this header through {@code WSSUtils.prependChild}.
     *
     * <p>A token owned by a different document is deep-imported into this header's document
     * first; the caller's original token object is left in its own document.
     *
     * @param sAMLAssertionToken the token to add
     */
    public void addSAMLAssertionToken(SAMLAssertionToken sAMLAssertionToken) {
        SAMLAssertionToken local = (getOwnerDocument() == sAMLAssertionToken.getOwnerDocument())
                ? sAMLAssertionToken
                : new SAMLAssertionToken((Element) getOwnerDocument().importNode(sAMLAssertionToken.getNode(), true));
        WSSUtils.prependChild(this, local.getNode());
    }

    /**
     * Inserts a SAML 2 assertion token into this header through {@code WSSUtils.prependChild}.
     *
     * <p>A token owned by a different document is deep-imported into this header's document
     * first; the caller's original token object is left in its own document.
     *
     * @param sAML2AssertionToken the token to add
     */
    public void addSAML2AssertionToken(SAML2AssertionToken sAML2AssertionToken) {
        SAML2AssertionToken local = (getOwnerDocument() == sAML2AssertionToken.getOwnerDocument())
                ? sAML2AssertionToken
                : new SAML2AssertionToken((Element) getOwnerDocument().importNode(sAML2AssertionToken.getNode(), true));
        WSSUtils.prependChild(this, local.getNode());
    }

    /**
     * Inserts an arbitrary token element into this header through {@code WSSUtils.prependChild}.
     *
     * <p>An element owned by a different document is deep-imported into this header's document
     * first. The element's name and content are not inspected here.
     *
     * @param element the token element to add
     */
    public void addSecurityToken(Element element) {
        Element local = (getOwnerDocument() == element.getOwnerDocument())
                ? element
                : (Element) getOwnerDocument().importNode(element, true);
        WSSUtils.prependChild(this, local);
    }

    /**
     * Inserts a security token reference into this header through {@code WSSUtils.prependChild}.
     *
     * <p>NOTE(review): unlike the token-adding methods of this class, no import into this header's
     * owner document is done here, so the reference is assumed to have been created in the same
     * document; confirm how prependChild behaves for a node from another document.
     *
     * @param wSSecurityTokenReference the reference to add
     */
    public void addSecurityTokenReference(WSSecurityTokenReference wSSecurityTokenReference) {
        WSSUtils.prependChild(this, wSSecurityTokenReference.getNode());
    }

    /**
     * Replaces this header's timestamp: existing child elements named {@code WSSURI.TIMESTAMP} in
     * the {@code WSSURI.ns_wsu} namespace are removed, then the given one is inserted.
     *
     * @param wSUTimestamp the timestamp to install
     */
    public void setTimestamp(WSUTimestamp wSUTimestamp) {
        Element self = (Element) this.node;
        XMLUtils.removeChildren(self, WSSURI.ns_wsu, WSSURI.TIMESTAMP);
        WSSUtils.prependChild(this, wSUTimestamp.getNode());
    }

    /**
     * Looks up this header's timestamp child via {@code WSSUtils.getChildElement}.
     *
     * @return whatever the lookup yields for {@code WSSURI.ns_wsu} / {@code WSSURI.TIMESTAMP},
     *         cast to {@code WSUTimestamp} (presumably {@code null} when absent; confirm)
     */
    public WSUTimestamp getTimestamp() {
        WSUTimestamp timestamp = (WSUTimestamp) WSSUtils.getChildElement(this, WSSURI.ns_wsu, WSSURI.TIMESTAMP);
        return timestamp;
    }

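    /**
     * Resolves an ID in the document and wraps the element as a username token when it is one.
     *
     * @param document the document to search
     * @param str      the value handed to {@code XMLUtils.getElementById}; despite the method
     *                 name it is used as an element ID here
     * @return the token, or {@code null} when no element has that ID or the element is not a
     *         {@code WSSURI.USERNAME_TOKEN} in the {@code WSSURI.ns_wsse} namespace
     */
    private UsernameToken retrieveUsernameTokenfromURI(Document document, String str) {
        Element target = XMLUtils.getElementById(document, str);
        if (target == null) {
            return null;
        }
        // Constant-first comparison: the ID may resolve to an element without a namespace, for
        // which getNamespaceURI() returns null; that is "not a token", not a crash.
        boolean isUsernameToken = WSSURI.ns_wsse.equals(target.getNamespaceURI())
                && WSSURI.USERNAME_TOKEN.equals(target.getLocalName());
        return isUsernameToken ? new UsernameToken(target) : null;
    }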

    /**
     * Single-element convenience form of the list-based encryption with a key derived from a
     * username token.
     *
     * @param element      the element to encrypt
     * @param z            forwarded as the only entry of the per-element flag array
     * @param str          the data encryption algorithm, also given to the key derivator
     * @param str2         ID of the username token in this header's document
     * @param keyDerivator derives the encryption key from the username token
     * @throws WSSException if the list-based overload fails
     */
    public void encrypt(Element element, boolean z, String str, String str2, KeyDerivator keyDerivator) throws WSSException {
        List targets = new ArrayList(1);
        targets.add(element);
        boolean[] flags = {z};
        encrypt(targets, flags, str, str2, keyDerivator);
    }

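    /**
     * Encrypts each listed element with a key derived from a username token, records the
     * encrypted data in a reference list, and moves the username token to the front of this
     * header.
     *
     * <p>Every encrypted element gets a KeyInfo holding a security token reference that points at
     * the username token's wsu:Id; an Id is generated for the token if it has none.
     *
     * @param list         the elements to encrypt
     * @param zArr         one flag per element, passed to {@code XEncUtils.encryptElement}
     * @param str          the data encryption algorithm, also given to the key derivator
     * @param str2         ID of the username token in this header's document
     * @param keyDerivator derives the encryption key from the username token
     * @throws WSSException             if the token cannot be found, key derivation fails, or
     *                                  encryption fails
     * @throws IllegalArgumentException if {@code zArr} has fewer entries than {@code list}
     */
    public void encrypt(List list, boolean[] zArr, String str, String str2, KeyDerivator keyDerivator) throws WSSException {
        // Checked before any element is touched: running off the end of zArr half-way through
        // would leave some elements encrypted with no reference list in the header.
        if (zArr.length < list.size()) {
            throw new IllegalArgumentException("Need one flag per element: " + zArr.length + " flags for " + list.size() + " elements");
        }
        Document ownerDocument = getOwnerDocument();
        try {
            UsernameToken usernameToken = retrieveUsernameTokenfromURI(ownerDocument, str2);
            if (usernameToken == null) {
                // Name the ID that failed to resolve; the token itself is always null here.
                throw new WSSException("Could not retrieve Username Token from URI " + str2);
            }
            SecretKey derivedKey = keyDerivator.resolve(usernameToken, str);
            XEReferenceList referenceList = new XEReferenceList(ownerDocument);
            int size = list.size();
            for (int i = 0; i < size; i++) {
                String dataId = "_" + XMLUtils.randomName();
                String tokenId = usernameToken.getWsuId();
                if (tokenId == null) {
                    tokenId = "_" + XMLUtils.randomName();
                    usernameToken.setWsuId(tokenId);
                }
                XEEncryptedData encryptedData = XEncUtils.encryptElement((Element) list.get(i), zArr[i], str, derivedKey, (String) null);
                encryptedData.setId(dataId);
                // dataId already starts with "_", so the fragment is "#" + dataId. Prefixing a
                // second underscore produced a DataReference that matched no EncryptedData Id.
                referenceList.addReference(encryptedData.createDataReference("#" + dataId));
                WSSecurityTokenReference tokenReference = new WSSecurityTokenReference(ownerDocument);
                tokenReference.setWsuId("_" + XMLUtils.randomName());
                WSSReference reference = new WSSReference(ownerDocument, "#" + tokenId);
                reference.setValueType(WSSURI.vt_token_username);
                tokenReference.setSTReference(reference);
                XEKeyInfo keyInfo = encryptedData.createKeyInfo();
                keyInfo.addKeyInfoData(tokenReference);
                encryptedData.setKeyInfo(keyInfo);
            }
            WSSUtils.prependChild(this, referenceList.getNode());
            // Detach the token from wherever it sits and re-insert it at the front of the header.
            WSSUtils.prependChild(this, usernameToken.getParentNode().removeChild(usernameToken.getNode()));
        } catch (XEException e) {
            throw new WSSException((Throwable) e, WSSException.INVALID_SECURITY);
        } catch (KeyDerivationException e2) {
            throw new WSSException((Throwable) e2, WSSException.SECURITY_TOKEN_UNAVAILABLE);
        }
    }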

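    /**
     * Resolves an ID in the document and wraps the element as a security token when it is a
     * binary security token or a SAML 1.x assertion.
     *
     * <p>NOTE(review): every {@code WSSURI.BINARY_SECURITY_TOKEN} element is wrapped as an X.509
     * token; no ValueType check is visible here, so a binary token of another kind would be
     * wrapped the same way. Confirm whether {@code X509BinarySecurityToken} rejects it later.
     *
     * @param document the document to search
     * @param str      the value handed to {@code XMLUtils.getElementById}
     * @return the token, or {@code null} when the ID does not resolve or the element is of
     *         neither kind
     */
    private static WSSecurityToken retrieveTokenfromURI(Document document, String str) {
        Element target = XMLUtils.getElementById(document, str);
        if (target == null) {
            return null;
        }
        String localName = target.getLocalName();
        String namespaceURI = target.getNamespaceURI();
        // Constant-first comparisons: the ID may resolve to an element without a namespace, for
        // which getNamespaceURI() returns null; that is "no token", not a crash.
        if (WSSURI.ns_wsse.equals(namespaceURI) && WSSURI.BINARY_SECURITY_TOKEN.equals(localName)) {
            return new X509BinarySecurityToken(target);
        }
        if ("urn:oasis:names:tc:SAML:1.0:assertion".equals(namespaceURI) && "Assertion".equals(localName)) {
            Object wrapped = XMLUtils.getInstance(target);
            if (wrapped instanceof Assertion) {
                return new SAMLAssertionToken((Assertion) wrapped);
            }
        }
        return null;
    }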

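    /**
     * Extracts an X.509 certificate from a security token on a best-effort basis.
     *
     * <p>For an X.509 binary token the token's own certificate is returned. For a SAML assertion
     * token the first certificate of the first readable {@code ds:X509Data} element is returned.
     *
     * <p>NOTE(review): the X509Data lookup uses {@code getElementsByTagNameNS} on the assertion,
     * which appears to match such elements anywhere inside it, and the certificate is returned
     * without any validation in this method. Callers that encrypt to or trust this certificate
     * should validate it themselves.
     *
     * @param wSSecurityToken the token to inspect
     * @return the certificate, or {@code null} when none can be obtained (including when the
     *         token raises a {@code WSSException})
     */
    private static X509Certificate retrieveX509fromToken(WSSecurityToken wSSecurityToken) {
        try {
            if (wSSecurityToken instanceof X509BinarySecurityToken) {
                return ((X509BinarySecurityToken) wSSecurityToken).getX509Certificate();
            }
            if (wSSecurityToken instanceof SAMLAssertionToken) {
                NodeList x509DataNodes = ((Assertion) wSSecurityToken.getToken()).getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "X509Data");
                int length = x509DataNodes.getLength();
                for (int i = 0; i < length; i++) {
                    Vector certificates;
                    try {
                        certificates = new X509Data((Element) x509DataNodes.item(i)).getCertificates();
                    } catch (IOException ignored) {
                        // This X509Data could not be decoded; skip it and try the next one so
                        // that a stale or unassigned certificate list is never consulted.
                        continue;
                    }
                    if (certificates != null && certificates.size() > 0) {
                        return (X509Certificate) certificates.elementAt(0);
                    }
                }
            }
            return null;
        } catch (WSSException e2) {
            // Deliberate best effort: a token that cannot yield its certificate is "not found".
            return null;
        }
    }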

    /**
     * Generates a fresh data encryption key for an XML Encryption algorithm URI.
     *
     * <p>The URI is mapped to a JCE name by {@code URIManager}; anything from the first
     * {@code '/'} onwards is dropped so that only the key algorithm name reaches
     * {@code KeyGenerator}.
     *
     * <p>NOTE(review): the generator is never initialised with a key size, so the provider's
     * default size applies. Confirm that this matches the size implied by the algorithm URI.
     *
     * @param str the data encryption algorithm URI
     * @return the generated key
     * @throws WSSException if the URI has no JCE mapping or no provider offers the algorithm
     */
    private SecretKey generateDataEncryptionKey(String str) throws WSSException {
        String jceName = URIManager.getURIManager().getJCEAlgorithm(str);
        if (jceName == null) {
            throw new WSSException(WSSException.UNSUPPORTED_ALGORITHM, "Unsupported data encryption algorithm " + str);
        }
        int slash = jceName.indexOf('/');
        String keyAlgorithm = (slash > -1) ? jceName.substring(0, slash) : jceName;
        try {
            return KeyGenerator.getInstance(keyAlgorithm).generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new WSSException(e, WSSException.UNSUPPORTED_ALGORITHM);
        }
    }

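    /**
     * Resolves an ID in the document and wraps the element as an X.509 binary security token when
     * it is a binary security token element.
     *
     * <p>NOTE(review): only the element name and namespace are checked; no ValueType check is
     * visible here. Confirm whether {@code X509BinarySecurityToken} rejects other token kinds.
     *
     * @param document the document to search
     * @param str      the value handed to {@code XMLUtils.getElementById}
     * @return the token, or {@code null} when the ID does not resolve or the element is not a
     *         {@code WSSURI.BINARY_SECURITY_TOKEN} in the {@code WSSURI.ns_wsse} namespace
     */
    private X509BinarySecurityToken retrieveCertTokenFromURI(Document document, String str) {
        Element target = XMLUtils.getElementById(document, str);
        if (target == null) {
            return null;
        }
        // Constant-first comparison: the ID may resolve to an element without a namespace, for
        // which getNamespaceURI() returns null; that is "no token", not a crash.
        boolean isBinaryToken = WSSURI.ns_wsse.equals(target.getNamespaceURI())
                && WSSURI.BINARY_SECURITY_TOKEN.equals(target.getLocalName());
        return isBinaryToken ? new X509BinarySecurityToken(target) : null;
    }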

    /**
     * Single-element convenience form of the list-based encryption that wraps a caller-supplied
     * data key under the public key of a certificate token.
     *
     * @param element   the element to encrypt
     * @param z         forwarded as the only entry of the per-element flag array
     * @param str       forwarded unchanged (first algorithm argument)
     * @param str2      ID of the X.509 binary security token in this header's document
     * @param str3      forwarded unchanged (second algorithm argument)
     * @param secretKey the data encryption key
     * @throws WSSException if the list-based overload fails
     */
    public void encrypt(Element element, boolean z, String str, String str2, String str3, SecretKey secretKey) throws WSSException {
        List targets = new ArrayList(1);
        targets.add(element);
        boolean[] flags = {z};
        encrypt(targets, flags, str, str2, str3, secretKey);
    }

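    /**
     * Encrypts the listed elements, wrapping the data key under the public key of an X.509 binary
     * security token found in this header's document.
     *
     * <p>The resulting key information is a security token reference that identifies the
     * certificate by issuer name and serial number.
     *
     * <p>NOTE(review): the certificate is read from the document and its public key is used as
     * the key encryption key without any validation in this method. Callers should make sure the
     * token holds the intended recipient's certificate before encrypting to it.
     *
     * @param list      the elements to encrypt
     * @param zArr      one flag per element, forwarded to {@code encryptWithEncKey}
     * @param str       first algorithm argument of {@code WSSEncryptionParams} (presumably the
     *                  data encryption algorithm; confirm)
     * @param str2      ID of the X.509 binary security token
     * @param str3      second algorithm argument of {@code WSSEncryptionParams} (presumably the
     *                  key encryption algorithm; confirm)
     * @param secretKey the data encryption key
     * @throws WSSException if the token cannot be found or encryption fails
     */
    public void encrypt(List list, boolean[] zArr, String str, String str2, String str3, SecretKey secretKey) throws WSSException {
        Document ownerDocument = getOwnerDocument();
        X509BinarySecurityToken certToken = retrieveCertTokenFromURI(ownerDocument, str2);
        if (certToken == null) {
            // Name the token kind actually looked up and the ID that failed to resolve; the
            // token variable is always null at this point.
            throw new WSSException(WSSException.SECURITY_TOKEN_UNAVAILABLE, "Could not retrieve X.509 certificate token from URI " + str2);
        }
        X509Certificate certificate = certToken.getX509Certificate();
        PublicKey publicKey = certificate.getPublicKey();
        WSSecurityTokenReference tokenReference = new WSSecurityTokenReference(ownerDocument);
        tokenReference.setWsuId("_" + XMLUtils.randomName());
        X509IssuerSerial issuerSerial = new X509IssuerSerial(ownerDocument);
        issuerSerial.setIssuerSerial(certificate.getIssuerX500Principal(), certificate.getSerialNumber());
        tokenReference.setSTReference(issuerSerial);
        encryptWithEncKey(list, zArr, null, new WSSEncryptionParams(str, secretKey, str3, publicKey, tokenReference));
    }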

    /**
     * Single-element convenience form of the list-based encryption that wraps the data key under
     * the certificate of a token referenced by URI.
     *
     * @param element the element to encrypt
     * @param z       forwarded as the only entry of the per-element flag array
     * @param str     forwarded unchanged (first algorithm argument)
     * @param str2    identifies the token that carries the key encryption certificate
     * @param str3    forwarded unchanged (second algorithm argument)
     * @throws WSSException if the list-based overload fails
     */
    public void encrypt(Element element, boolean z, String str, String str2, String str3) throws WSSException {
        List targets = new ArrayList(1);
        targets.add(element);
        boolean[] flags = {z};
        encrypt(targets, flags, str, str2, str3);
    }

    /**
     * Encrypts the listed elements, wrapping the data key under the public key of the certificate
     * carried by a token (X.509 binary token or SAML assertion) in this header's document.
     *
     * <p>No data key is supplied to {@code WSSEncryptionParams}; the key information is a security
     * token reference whose inner reference is built from {@code str2}.
     *
     * <p>NOTE(review): {@code str2} is used both as the ID for the token lookup and, unchanged, as
     * the URI of the {@code WSSReference}; other code in this class builds such URIs as
     * {@code "#" + id}. Confirm which form callers pass. The certificate is also used without any
     * validation in this method.
     *
     * @param list the elements to encrypt
     * @param zArr one flag per element, forwarded to {@code encryptWithEncKey}
     * @param str  first algorithm argument of {@code WSSEncryptionParams}
     * @param str2 identifies the token that carries the key encryption certificate
     * @param str3 second algorithm argument of {@code WSSEncryptionParams}
     * @throws WSSException if the token or its certificate cannot be found, or encryption fails
     */
    public void encrypt(List list, boolean[] zArr, String str, String str2, String str3) throws WSSException {
        Document doc = getOwnerDocument();
        WSSecurityToken token = retrieveTokenfromURI(doc, str2);
        if (token == null) {
            throw new WSSException(WSSException.SECURITY_TOKEN_UNAVAILABLE, "Could not retrieve key encryption key from URI " + str2);
        }
        X509Certificate certificate = retrieveX509fromToken(token);
        if (certificate == null) {
            throw new WSSException(WSSException.SECURITY_TOKEN_UNAVAILABLE, "Could not find key encryption key from URI " + str2);
        }
        PublicKey wrappingKey = certificate.getPublicKey();
        WSSReference directReference = new WSSReference(doc, str2);
        WSSecurityTokenReference tokenReference = new WSSecurityTokenReference(doc);
        tokenReference.setWsuId("_" + XMLUtils.randomName());
        tokenReference.setSTReference(directReference);
        WSSEncryptionParams params = new WSSEncryptionParams(str, (SecretKey) null, str3, wrappingKey, tokenReference);
        encryptWithEncKey(list, zArr, null, params);
    }

    /**
     * Single-URI convenience form of signing with a key derived from a username token.
     *
     * @param str           the URI to sign
     * @param usernameToken the token the signing key is derived from
     * @param keyDerivator  derives the signing key
     * @param str2          forwarded unchanged
     * @param str3          forwarded unchanged
     * @param str4          forwarded unchanged
     * @param z             forwarded unchanged
     * @throws WSSException if the array-based overload fails
     */
    public void sign(String str, UsernameToken usernameToken, KeyDerivator keyDerivator, String str2, String str3, String str4, boolean z) throws WSSException {
        String[] uris = {str};
        sign(uris, usernameToken, keyDerivator, str2, str3, str4, z);
    }

    /**
     * Signs the given URIs with a key derived from a username token, using a single common
     * transform whose algorithm is {@code str2}.
     *
     * @param strArr        the URIs to sign
     * @param usernameToken the token the signing key is derived from
     * @param keyDerivator  derives the signing key
     * @param str           forwarded unchanged
     * @param str2          forwarded unchanged and also used as the transform algorithm
     * @param str3          forwarded unchanged
     * @param z             forwarded unchanged
     * @throws WSSException if the delegate overload fails
     */
    public void sign(String[] strArr, UsernameToken usernameToken, KeyDerivator keyDerivator, String str, String str2, String str3, boolean z) throws WSSException {
        XSAlgorithmIdentifier transform = new XSAlgorithmIdentifier(getOwnerDocument(), "Transform", str2);
        transform.setSystemId(this.systemId);
        XSAlgorithmIdentifier[] commonTransforms = {transform};
        sign(strArr, usernameToken, keyDerivator, str, str2, str3, commonTransforms, z);
    }

    /**
     * Signs the given URIs with a secret key derived from a username token and moves the token
     * to the front of this header.
     *
     * <p>The signature's key information is a security token reference pointing at the token's
     * wsu:Id; an Id is generated when the token has none or an empty one.
     *
     * <p>Every exception raised inside, including a {@code WSSException} from the delegate
     * signing call, is wrapped in a new {@code WSSException} with code
     * {@code WSSException.INVALID_SECURITY}.
     *
     * @param strArr                   the URIs to sign
     * @param usernameToken            the token the signing key is derived from
     * @param keyDerivator             derives the signing key; called with {@code str3}
     * @param str                      the digest method
     * @param str2                     the canonicalization method
     * @param str3                     the signature method
     * @param xSAlgorithmIdentifierArr the common transforms stored in the signature parameters
     * @param z                        whether the decrypt transform flag is set
     * @throws WSSException on any failure
     */
    public void sign(String[] strArr, UsernameToken usernameToken, KeyDerivator keyDerivator, String str, String str2, String str3, XSAlgorithmIdentifier[] xSAlgorithmIdentifierArr, boolean z) throws WSSException {
        Document doc = getOwnerDocument();
        try {
            String tokenId = usernameToken.getWsuId();
            if (tokenId == null || tokenId.isEmpty()) {
                tokenId = "_" + XMLUtils.randomName();
                usernameToken.setWsuId(tokenId);
            }
            WSSecurityTokenReference tokenReference = new WSSecurityTokenReference(doc);
            tokenReference.setWsuId("_" + XMLUtils.randomName());
            WSSReference directReference = new WSSReference(doc, "#" + tokenId);
            directReference.setValueType(WSSURI.vt_token_username);
            tokenReference.setSTReference(directReference);
            // The derived key is handed over as raw bytes; no private key is involved.
            byte[] derivedKeyBytes = keyDerivator.resolve(usernameToken, str3).getEncoded();
            WSSignatureParams params = new WSSignatureParams(derivedKeyBytes, (PrivateKey) null);
            params.setDigestMethod(str);
            params.setC14nMethod(str2);
            params.setSignMethod(str3);
            params.setUsingDecryptTranform(z);
            params.setKeyInfoData(tokenReference);
            params.setCommonTrans(xSAlgorithmIdentifierArr);
            sign(strArr, params, (XSAlgorithmIdentifier[][]) null);
            // Detach the token from wherever it sits and re-insert it at the front of the header.
            WSSUtils.prependChild(this, usernameToken.getParentNode().removeChild(usernameToken.getNode()));
        } catch (Exception e) {
            throw new WSSException(e, WSSException.INVALID_SECURITY);
        }
    }

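    /**
     * Tells whether a same-document reference points at a security token reference or a
     * {@code ds:KeyInfo} element.
     *
     * @param str the reference URI
     * @return {@code true} only when the URI starts with {@code "#"}, is not
     *         {@code "#xpointer(/)"}, yields an ID that resolves in this header's document, and
     *         the resolved element is one of the two kinds
     */
    private boolean isSTRorKeyInfo(String str) {
        if (!str.startsWith("#") || str.equals("#xpointer(/)")) {
            return false;
        }
        String id = XMLUtils.getIdFromURI(str);
        if (id == null) {
            return false;
        }
        Element target = XMLUtils.getElementById(getOwnerDocument(), id);
        if (target == null) {
            return false;
        }
        // Constant-first comparisons: the ID may resolve to an element without a namespace, for
        // which getNamespaceURI() returns null; that means "neither kind", not a crash.
        String namespaceURI = target.getNamespaceURI();
        String localName = target.getLocalName();
        if (WSSURI.ns_wsse.equals(namespaceURI) && WSSURI.SECURITY_TOKEN_REFERENCE.equals(localName)) {
            return true;
        }
        return "http://www.w3.org/2000/09/xmldsig#".equals(namespaceURI) && "KeyInfo".equals(localName);
    }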

    /**
     * Builds a signature with one reference per URI, inserts it into this header via
     * {@code WSSUtils.prependChild2}, and signs it.
     *
     * <p>The secret key from the parameters is used when present, otherwise the private key.
     * Which parts of the message end up covered is decided entirely by {@code strArr}; this
     * method does not itself check what the URIs point at.
     *
     * <p>When signing fails with a {@code TransformationException} or {@code SigningException},
     * the signature element is removed from the header again. Other exception types are not
     * caught here, so in that case the element stays in the header.
     *
     * @param strArr                   the URIs to reference
     * @param wSSignatureParams        algorithms, keys, key information and transform flags
     * @param xSAlgorithmIdentifierArr explicit transforms per URI (same length as
     *                                 {@code strArr}), or {@code null} to derive the transforms
     *                                 from the parameters
     * @return the signed signature
     * @throws WSSException             if a transform or the signing operation fails
     * @throws IllegalArgumentException if explicit transforms are given and their count differs
     *                                  from the number of URIs
     * @throws NullPointerException     if the parameters carry neither a secret nor a private key
     */
    public XSSignature sign(String[] strArr, WSSignatureParams wSSignatureParams, XSAlgorithmIdentifier[][] xSAlgorithmIdentifierArr) throws WSSException {
        Document ownerDocument = getOwnerDocument();
        if (xSAlgorithmIdentifierArr != null && xSAlgorithmIdentifierArr.length != strArr.length) {
            throw new IllegalArgumentException("trans.length should same as uris.length");
        }
        if (wSSignatureParams.getSecretKey() == null && wSSignatureParams.getPrivateKey() == null) {
            throw new NullPointerException("Must specify either the secret key or the private key");
        }
        // The signature element is placed in the header before references are added.
        XSSignature xSSignature = new XSSignature(WSSUtils.prependChild2(this, XSSignature.newInstance(ownerDocument, (String) null).getNode()));
        xSSignature.setSignedInfo(xSSignature.createSignedInfo(wSSignatureParams.getC14NMethod(), wSSignatureParams.getSignatureMethod(), (String) null));
        XSSignedInfo signedInfo = xSSignature.getSignedInfo();
        if (wSSignatureParams.getSOAPMessage() != null) {
            // NOTE(review): static call; whether SWAUtil keeps the message per thread or globally
            // is not visible here. Confirm before signing concurrently.
            SWAUtil.setSOAPMessage(wSSignatureParams.getSOAPMessage());
        }
        if (wSSignatureParams.getKeyInfoData() != null) {
            XSKeyInfo createKeyInfo = xSSignature.createKeyInfo();
            if (wSSignatureParams.getKeyInfoId() != null) {
                createKeyInfo.setId(wSSignatureParams.getKeyInfoId());
            }
            createKeyInfo.addKeyInfoData(wSSignatureParams.getKeyInfoData());
            xSSignature.setKeyInfo(createKeyInfo);
        }
        int length = strArr.length;
        for (int i = 0; i < length; i++) {
            XSReference createReference = xSSignature.createReference((String) null, strArr[i], (String) null, wSSignatureParams.getDigestMethod());
            if (xSAlgorithmIdentifierArr == null) {
                // No explicit transforms: choose one from the shape of the URI.
                if (strArr[i].startsWith("cid:")) {
                    // Attachment reference: content-only or complete SwA signature transform.
                    createReference.addTransform(new XSAlgorithmIdentifier(getOwnerDocument(), "Transform", wSSignatureParams.isAttachmentContentOnly() ? "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform" : "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform"));
                } else if (wSSignatureParams.isUsingSTRTransform() && isSTRorKeyInfo(strArr[i])) {
                    // STR transform, parameterised with the signature's canonicalization method.
                    XSAlgorithmIdentifier createTransform = xSSignature.createTransform(WSSURI.alg_strTransform);
                    Element createElementNS = ownerDocument.createElementNS("http://www.w3.org/2000/09/xmldsig#", WSSURI.CANONICALIZATION_METHOD);
                    createElementNS.setAttribute(WSSURI.ALGORITHM, wSSignatureParams.getC14NMethod());
                    XMLUtils.copyNSPrefix((Element) createTransform.getNode(), createElementNS);
                    Element createElementNS2 = getOwnerDocument().createElementNS(WSSURI.ns_wsse, "wsse:TransformationParameters");
                    createElementNS2.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:wsse", WSSURI.ns_wsse);
                    createElementNS2.appendChild(createElementNS);
                    createTransform.addParameter(createElementNS2);
                    createReference.addTransform(createTransform);
                } else {
                    // Default: the canonicalization method doubles as the reference transform.
                    createReference.addTransform(new XSAlgorithmIdentifier(getOwnerDocument(), "Transform", wSSignatureParams.getC14NMethod()));
                }
                if (wSSignatureParams.isUsingDecryptTranform()) {
                    createReference.addTransform(xSSignature.createTransform("http://www.w3.org/2002/07/decrypt#XML"));
                }
            } else {
                // Explicit transforms: applied in the order given; a null row would fail here.
                int length2 = xSAlgorithmIdentifierArr[i].length;
                for (int i2 = 0; i2 < length2; i2++) {
                    createReference.addTransform(xSAlgorithmIdentifierArr[i][i2]);
                }
            }
            signedInfo.addReference(createReference);
        }
        try {
            if (wSSignatureParams.getSecretKey() != null) {
                xSSignature.sign(wSSignatureParams.getSecretKey(), (String) null);
            } else {
                xSSignature.sign(wSSignatureParams.getPrivateKey(), (String) null);
            }
            return xSSignature;
        } catch (TransformationException e) {
            // Do not leave an unsigned Signature element behind in the header.
            getElement().removeChild(xSSignature.getElement());
            throw new WSSException((Throwable) e, WSSException.INVALID_SECURITY);
        } catch (SigningException e2) {
            // Do not leave an unsigned Signature element behind in the header.
            getElement().removeChild(xSSignature.getElement());
            throw new WSSException((Throwable) e2, WSSException.INVALID_SECURITY);
        }
    }

    /**
     * Builds an EncryptedKey that carries the data key wrapped under a public key.
     *
     * <p>For the {@code rsa-oaep-mgf1p} algorithm the encryption method is given a SHA-1
     * DigestMethod; no digest method is set for any other algorithm. The algorithm URI is taken
     * as supplied by the caller; no allow-list is applied in this method.
     *
     * @param document  the document that owns the new element
     * @param secretKey the data key to wrap
     * @param publicKey the key encryption key
     * @param str       the key encryption algorithm URI
     * @return the populated EncryptedKey (not yet inserted anywhere by this method)
     * @throws XEException if the XML Encryption layer fails
     */
    private XEEncryptedKey setUpEncryptedKey(Document document, SecretKey secretKey, PublicKey publicKey, String str) throws XEException {
        XEEncryptedKey encryptedKey = new XEEncryptedKey(document);
        XEEncryptionMethod method = encryptedKey.createEncryptionMethod(str);
        boolean isOaep = str.equals("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
        if (isOaep) {
            method.setDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1");
        }
        encryptedKey.setEncryptionMethod(method);
        byte[] wrappedKey = encryptedKey.encrypt(secretKey, publicKey);
        XECipherData cipherData = encryptedKey.createCipherData();
        cipherData.setCipherValue(wrappedKey);
        encryptedKey.setCipherData(cipherData);
        return encryptedKey;
    }

    /**
     * Encrypts one item, either a SOAP attachment or a DOM element, and registers the result
     * with the optional EncryptedKey and reference list.
     *
     * <p>An attachment is encrypted through {@code SWAUtil} and its EncryptedData is inserted
     * into this header. An element is encrypted and replaced in place; {@code z} selects the
     * Content type over the Element type. If the data key's algorithm name differs from the one
     * the encryption method expects, the same key bytes are re-wrapped under the expected name.
     *
     * <p>NOTE(review): the IV comes from the parameters object. If one parameters object with a
     * non-null IV is reused for several items, each would be encrypted under the same key and IV;
     * confirm how {@code XEEncryptedData} treats a {@code null} IV and how callers set it.
     *
     * @param obj                 an {@code AttachmentPart}, an {@code XMLElement}, or a DOM element
     * @param z                   content-only flag for elements; inverted for attachments
     * @param str                 the Id for the EncryptedData, or {@code null} to generate one
     * @param wSSEncryptionParams data encryption algorithm, key and IV
     * @param xEEncryptedKey      receives a data reference when not {@code null}
     * @param xEReferenceList     receives a data reference when not {@code null}
     * @return the EncryptedData that replaced the item
     * @throws XEException if the XML Encryption layer fails
     */
    private XEEncryptedData encryptElementOrAttachment(Object obj, boolean z, String str, WSSEncryptionParams wSSEncryptionParams, XEEncryptedKey xEEncryptedKey, XEReferenceList xEReferenceList) throws XEException {
        final String id = (str != null) ? str : "_" + XMLUtils.randomName();
        final XEEncryptedData result;
        if (obj instanceof AttachmentPart) {
            result = new XEEncryptedData(WSSUtils.prependChild2(this, SWAUtil.encryptAttachment((AttachmentPart) obj, wSSEncryptionParams, getOwnerDocument(), id, !z).getNode()));
        } else {
            Element plain = (Element) ((obj instanceof XMLElement) ? ((XMLElement) obj).getElement() : obj);
            String dataType = z ? "http://www.w3.org/2001/04/xmlenc#Content" : "http://www.w3.org/2001/04/xmlenc#Element";
            XEEncryptedData template = XEEncryptedData.newInstance(plain.getOwnerDocument(), id, dataType);
            XEEncryptionMethod method = template.createEncryptionMethod(wSSEncryptionParams.getDataEncryptionAlg());
            template.setEncryptionMethod(method);
            SecretKey dataKey = wSSEncryptionParams.getDataEncryptionKey();
            String expectedAlgorithm = method.getJCEKeyAlgorithm();
            if (!expectedAlgorithm.equals(dataKey.getAlgorithm())) {
                dataKey = new SecretKeySpec(dataKey.getEncoded(), expectedAlgorithm);
            }
            result = XEEncryptedData.encryptAndReplace(plain, dataKey, wSSEncryptionParams.getIv(), template);
        }
        result.setId(id);
        changeToEncryptedHeaderIfRequired(result);
        String fragment = "#" + id;
        if (xEEncryptedKey != null) {
            xEEncryptedKey.addReference(xEEncryptedKey.createDataReference(fragment));
        }
        if (xEReferenceList != null) {
            xEReferenceList.addReference(result.createDataReference(fragment));
        }
        return result;
    }

    /**
     * Decrypts one EncryptedData, which may stand for a SOAP attachment or for XML content.
     *
     * <p>When no key is passed in, the key is taken from the EncryptedData itself. If the key's
     * algorithm name differs from the one declared by the EncryptionMethod, the same key bytes
     * are re-wrapped under the declared name.
     *
     * <p>NOTE(review): the algorithm is whatever the EncryptedData declares, i.e. it is chosen by
     * the message, and no allow-list is applied in this method. Also, if
     * {@code getDecryptionKey()} yields {@code null} the next line dereferences it; confirm that
     * callers resolve the key first.
     *
     * @param xEEncryptedData the EncryptedData to decrypt
     * @param secretKey       the decryption key, or {@code null} to use the one held by the
     *                        EncryptedData
     * @param sOAPMessage     the message that holds the attachments
     * @return the result of {@code SWAUtil.decryptAttachment} for an attachment, otherwise the
     *         element produced by decrypting in place
     * @throws XEException if the XML Encryption layer fails
     */
    private static Object decryptElementOrAttachment(XEEncryptedData xEEncryptedData, SecretKey secretKey, SOAPMessage sOAPMessage) throws XEException {
        SecretKey key = (secretKey != null) ? secretKey : (SecretKey) xEEncryptedData.getDecryptionKey();
        String declaredAlgorithm = xEEncryptedData.getEncryptionMethod().getJCEKeyAlgorithm();
        if (!declaredAlgorithm.equals(key.getAlgorithm())) {
            key = new SecretKeySpec(key.getEncoded(), declaredAlgorithm);
        }
        if (SWAUtil.isEncryptedAttacment(xEEncryptedData)) {
            return SWAUtil.decryptAttachment(xEEncryptedData, key, sOAPMessage);
        }
        SWAUtil.setSOAPMessage(sOAPMessage);
        Element plain = XEEncryptedData.decryptAndReplace(key, xEEncryptedData.getElement());
        removeEncryptedHeaderIfPresent(plain);
        return plain;
    }

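    /**
     * Wraps an {@code EncryptedData} in a {@code WSSEncryptedHeader} when it is a direct child
     * of a SOAP {@code Header} element.
     *
     * <p>Only a parent named {@code Header} in the namespace
     * {@code http://schemas.xmlsoap.org/soap/envelope/} qualifies; any other parent is left
     * untouched. The wrapper is appended to the Header, the encrypted data is moved inside it,
     * and the id is transferred from the encrypted data to the wrapper.
     *
     * @param xEEncryptedData the freshly created encrypted data
     * @return the new wrapper, or {@code null} when no wrapping was needed
     */
    private WSSEncryptedHeader changeToEncryptedHeaderIfRequired(XEEncryptedData xEEncryptedData) {
        // A detached node, or a parent that is not an element (node type 1), cannot be a Header.
        if (xEEncryptedData.getParentNode() == null || xEEncryptedData.getParentNode().getNodeType() != 1) {
            return null;
        }
        Element parent = (Element) xEEncryptedData.getParentNode();
        // Literal-first comparisons: getLocalName()/getNamespaceURI() may return null for
        // elements created without namespace support, which previously caused a
        // NullPointerException instead of a simple "not a SOAP header" answer.
        if (!"Header".equals(parent.getLocalName()) || !"http://schemas.xmlsoap.org/soap/envelope/".equals(parent.getNamespaceURI())) {
            return null;
        }
        WSSEncryptedHeader encryptedHeader = new WSSEncryptedHeader(xEEncryptedData.getOwnerDocument(), this);
        parent.appendChild(encryptedHeader.getNode());
        encryptedHeader.appendChild(xEEncryptedData);
        // Move the id from the EncryptedData to the wrapper.
        String id = xEEncryptedData.getId();
        xEEncryptedData.removeAttribute(WSSURI.WSU_ID);
        encryptedHeader.setId(id);
        return encryptedHeader;
    }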

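    /**
     * Encrypts a single element using the algorithms and keys carried by
     * {@code wSSEncryptionParams}.
     *
     * <p>Only the data-encryption algorithm and key, the key-encryption key and algorithm, the
     * data-encryption key name and the certificate id are read from the parameter object and
     * forwarded to the eight-argument {@code encrypt} overload. Other settings on the object
     * (for example its IV or KeyInfoData) are not passed along by this method.
     *
     * @param element the element to encrypt
     * @param z {@code true} to encrypt only the element's content
     * @param wSSEncryptionParams source of the algorithms and keys
     * @throws WSSException if encryption fails
     */
    public void encrypt(Element element, boolean z, WSSEncryptionParams wSSEncryptionParams) throws WSSException {
        // A one-element list used to be allocated here and immediately discarded; the overload
        // called below builds its own list, so that allocation was dead code and is removed.
        encrypt(element, z, wSSEncryptionParams.getDataEncryptionAlg(), wSSEncryptionParams.getDataEncryptionKey(), wSSEncryptionParams.getKeyEncryptionKey(), wSSEncryptionParams.getKeyEncryptionAlg(), wSSEncryptionParams.getDataEncryptionKeyName(), wSSEncryptionParams.getCertId());
    }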

    /**
     * Single-element convenience form of the list-based {@code encrypt} overload that takes a
     * public key.
     *
     * @param element the element to encrypt
     * @param z {@code true} to encrypt only the element's content
     * @param str data-encryption algorithm
     * @param secretKey data-encryption key
     * @param publicKey key-encryption key
     * @param str2 key-encryption algorithm
     * @param str3 key name used when {@code bArr} is {@code null}
     * @param bArr certificate identifier value, or {@code null}
     * @throws WSSException if encryption fails
     */
    public void encrypt(Element element, boolean z, String str, SecretKey secretKey, PublicKey publicKey, String str2, String str3, byte[] bArr) throws WSSException {
        ArrayList singleElement = new ArrayList(1);
        singleElement.add(element);
        boolean[] contentOnly = {z};
        encrypt(singleElement, contentOnly, str, secretKey, publicKey, str2, str3, bArr);
    }

    /**
     * Encrypts several elements, unpacking the algorithms and keys from
     * {@code wSSEncryptionParams} and forwarding them to the eight-argument list overload.
     *
     * <p>Only the six values read below are forwarded; other settings on the parameter object
     * are not passed along by this method.
     *
     * @param list the elements to encrypt
     * @param zArr per-element content-only flags, forwarded unchanged
     * @param wSSEncryptionParams source of the algorithms and keys
     * @throws WSSException if encryption fails
     */
    public void encrypt(List list, boolean[] zArr, WSSEncryptionParams wSSEncryptionParams) throws WSSException {
        encrypt(
                list,
                zArr,
                wSSEncryptionParams.getDataEncryptionAlg(),
                wSSEncryptionParams.getDataEncryptionKey(),
                wSSEncryptionParams.getKeyEncryptionKey(),
                wSSEncryptionParams.getKeyEncryptionAlg(),
                wSSEncryptionParams.getDataEncryptionKeyName(),
                wSSEncryptionParams.getCertId());
    }

    /**
     * Single-element convenience form of the list-based {@code encrypt} overload that takes a
     * recipient certificate.
     *
     * @param element the element to encrypt
     * @param z {@code true} to encrypt only the element's content
     * @param str data-encryption algorithm
     * @param secretKey data-encryption key
     * @param x509Certificate recipient certificate
     * @param str2 key-encryption algorithm
     * @throws WSSException if encryption fails
     */
    public void encrypt(Element element, boolean z, String str, SecretKey secretKey, X509Certificate x509Certificate, String str2) throws WSSException {
        ArrayList singleElement = new ArrayList(1);
        singleElement.add(element);
        boolean[] contentOnly = {z};
        encrypt(singleElement, contentOnly, str, secretKey, x509Certificate, str2);
    }

    /**
     * Encrypts the given elements for the holder of {@code x509Certificate}.
     *
     * <p>The certificate is identified in the output by issuer and serial number inside a new
     * security token reference, and its public key is used as the key-encryption key.
     * This method reads only the issuer, serial number and public key; it performs no
     * validation of the certificate, so the caller is responsible for having established
     * trust in it beforehand.
     *
     * @param list the elements to encrypt
     * @param zArr per-element content-only flags, or {@code null}
     * @param str data-encryption algorithm
     * @param secretKey data-encryption key
     * @param x509Certificate recipient certificate
     * @param str2 key-encryption algorithm
     * @throws WSSException if encryption fails
     */
    public void encrypt(List list, boolean[] zArr, String str, SecretKey secretKey, X509Certificate x509Certificate, String str2) throws WSSException {
        Document doc = getOwnerDocument();
        X509IssuerSerial issuerSerial = new X509IssuerSerial(doc);
        issuerSerial.setIssuerSerial(x509Certificate.getIssuerX500Principal(), x509Certificate.getSerialNumber());
        WSSecurityTokenReference tokenRef = new WSSecurityTokenReference(doc);
        tokenRef.setWsuId("_" + XMLUtils.randomName());
        tokenRef.setSTReference(issuerSerial);
        WSSEncryptionParams params = new WSSEncryptionParams(str, secretKey, str2, x509Certificate.getPublicKey(), tokenRef);
        encryptWithEncKey(list, zArr, null, params);
    }

    /**
     * Encrypts the given elements and records how the recipient can locate the key.
     *
     * <ul>
     *   <li>No public key but a secret key: encrypts with no key information attached.</li>
     *   <li>Neither key: throws.</li>
     *   <li>Public key, no certificate id: attaches a key name built from {@code str3}.</li>
     *   <li>Public key and certificate id: attaches a security token reference holding an
     *       X.509 key identifier with value {@code bArr}.</li>
     * </ul>
     *
     * @param list the elements to encrypt
     * @param zArr per-element content-only flags, or {@code null}
     * @param str data-encryption algorithm
     * @param secretKey data-encryption key, may be {@code null} when {@code publicKey} is given
     * @param publicKey key-encryption key, may be {@code null} when {@code secretKey} is given
     * @param str2 key-encryption algorithm
     * @param str3 key name
     * @param bArr certificate identifier value, or {@code null}
     * @throws WSSException if no key is supplied or encryption fails
     */
    public void encrypt(List list, boolean[] zArr, String str, SecretKey secretKey, PublicKey publicKey, String str2, String str3, byte[] bArr) throws WSSException {
        Document doc = getOwnerDocument();
        WSSEncryptionParams params = new WSSEncryptionParams(str, secretKey, str2, publicKey, (KeyInfoData) null);
        if (publicKey == null) {
            if (secretKey == null) {
                throw new WSSException("No keys specified for encrytion.");
            }
            // NOTE(review): the key-encryption key is null on this path; how the encrypted-key
            // set-up handles that is not visible in this method — confirm.
            encryptWithEncKey(list, zArr, null, params);
            return;
        }
        if (bArr != null) {
            X509KeyIdentifier keyIdentifier = new X509KeyIdentifier(doc);
            keyIdentifier.setValue(bArr);
            WSSecurityTokenReference tokenRef = new WSSecurityTokenReference(doc);
            tokenRef.setWsuId("_" + XMLUtils.randomName());
            tokenRef.setSTReference(keyIdentifier);
            params.setKeyInfoData(tokenRef);
        } else {
            KeyInfoData keyName = KeyUtils.createKeyName(doc);
            keyName.setName(str3);
            params.setKeyInfoData(keyName);
        }
        encryptWithEncKey(list, zArr, null, params);
    }

    /**
     * Encrypts a single element directly with the data key in {@code wSSEncryptionParams},
     * without producing an {@code EncryptedKey}.
     *
     * @param element the element to encrypt
     * @param z {@code true} to encrypt only the element's content
     * @param str id to assign to the resulting encrypted data
     * @param wSSEncryptionParams algorithms and keys for this element
     * @throws WSSException if encryption fails
     */
    public void encrypt(Element element, boolean z, String str, WSSEncryptionParams wSSEncryptionParams) throws WSSException {
        ArrayList singleElement = new ArrayList(1);
        singleElement.add(element);
        boolean[] contentOnly = {z};
        String[] encDataIds = {str};
        WSSEncryptionParams[] perElementParams = {wSSEncryptionParams};
        // The returned reference list is not needed by this convenience form.
        encryptNoEncKey(singleElement, contentOnly, encDataIds, perElementParams);
    }

    /**
     * Encrypts each entry of {@code list} with its own parameters and collects the results in
     * a new {@code ReferenceList} that is added to this header; no {@code EncryptedKey} is
     * created.
     *
     * <p>When a single parameter object is supplied for several elements, the first element
     * uses it as is and every further element gets a copy made with the
     * {@code WSSEncryptionParams} copy constructor.
     * NOTE(review): whether that copy carries over the IV is not visible here; if it does and
     * a caller set a fixed IV, the same key/IV pair would be used for several ciphertexts —
     * confirm against {@code WSSEncryptionParams}.
     *
     * @param list the elements (or attachments) to encrypt
     * @param zArr per-element content-only flags, or {@code null} for all {@code false}
     * @param strArr per-element ids for the encrypted data, or {@code null}
     * @param wSSEncryptionParamsArr one entry per element, or exactly one entry for all
     * @return the reference list wrapping the node inserted into this header
     * @throws IllegalArgumentException if the array sizes do not match the list size
     * @throws WSSException if encryption fails
     */
    public XEReferenceList encryptNoEncKey(List list, boolean[] zArr, String[] strArr, WSSEncryptionParams[] wSSEncryptionParamsArr) throws WSSException {
        if (zArr != null && list.size() != zArr.length) {
            throw new IllegalArgumentException("elements List size MUST match contentOnlys array size");
        }
        if (strArr != null && list.size() != strArr.length) {
            throw new IllegalArgumentException("elements List size MUST match encDataIds array size");
        }
        WSSEncryptionParams[] perElement = wSSEncryptionParamsArr;
        if (perElement.length == 1 && list.size() > 1) {
            // Expand the single entry so that every element has its own parameter object.
            int elementCount = list.size();
            WSSEncryptionParams[] expanded = new WSSEncryptionParams[elementCount];
            expanded[0] = wSSEncryptionParamsArr[0];
            for (int k = 1; k < elementCount; k++) {
                expanded[k] = new WSSEncryptionParams(wSSEncryptionParamsArr[0]);
            }
            perElement = expanded;
        }
        if (perElement.length != list.size()) {
            throw new IllegalArgumentException("elements List size MUST match encParams array size, or encParams array must have one element");
        }
        try {
            XEReferenceList references = new XEReferenceList(getOwnerDocument());
            int total = list.size();
            for (int idx = 0; idx < total; idx++) {
                boolean contentOnly = zArr != null && zArr[idx];
                String encDataId = strArr != null ? strArr[idx] : null;
                XEEncryptedData encrypted = encryptElementOrAttachment(list.get(idx), contentOnly, encDataId, perElement[idx], null, references);
                if (perElement[idx].getKeyInfoData() != null) {
                    // Attach the caller's key hint to this EncryptedData.
                    XEKeyInfo keyInfo = encrypted.createKeyInfo();
                    encrypted.setKeyInfo(keyInfo);
                    keyInfo.addKeyInfoData(perElement[idx].getKeyInfoData());
                }
            }
            return new XEReferenceList(WSSUtils.prependChild2(this, references.getNode()));
        } catch (XEException e) {
            throw new WSSException((Throwable) e, WSSException.INVALID_SECURITY);
        }
    }

    /**
     * Encrypts every entry of {@code list} under one data key and adds an {@code EncryptedKey}
     * for that key to this header.
     *
     * <p>If the parameters carry no data key, one is generated for the configured
     * data-encryption algorithm and stored back into {@code wSSEncryptionParams}.
     * All elements are encrypted with the same parameter object.
     * NOTE(review): that means the same data key for every element, together with whatever
     * {@code getIv()} returns; if a caller sets a fixed IV it would be reused across
     * ciphertexts — confirm how the IV is chosen.
     *
     * @param list the elements (or attachments) to encrypt
     * @param zArr per-element content-only flags, or {@code null} for all {@code false}
     * @param strArr per-element ids for the encrypted data, or {@code null}
     * @param wSSEncryptionParams algorithms, keys and optional key information
     * @return the encrypted key wrapping the node inserted into this header
     * @throws IllegalArgumentException if the array sizes do not match the list size
     * @throws WSSException if encryption fails
     */
    public XEEncryptedKey encryptWithEncKey(List list, boolean[] zArr, String[] strArr, WSSEncryptionParams wSSEncryptionParams) throws WSSException {
        if (zArr != null && list.size() != zArr.length) {
            throw new IllegalArgumentException("elements List size MUST match contentOnlys array size");
        }
        if (strArr != null && list.size() != strArr.length) {
            throw new IllegalArgumentException("elements List size MUST match encDataIds array size");
        }
        Document doc = getOwnerDocument();
        try {
            if (wSSEncryptionParams.getDataEncryptionKey() == null) {
                wSSEncryptionParams.setDataEncryptionKey(generateDataEncryptionKey(wSSEncryptionParams.getDataEncryptionAlg()));
            }
            XEEncryptedKey encryptedKey = setUpEncryptedKey(doc, wSSEncryptionParams.getDataEncryptionKey(), wSSEncryptionParams.getKeyEncryptionKey(), wSSEncryptionParams.getKeyEncryptionAlg());
            if (wSSEncryptionParams.getKeyInfoData() != null) {
                // Tell the recipient which key unwraps the data key.
                XEKeyInfo keyInfo = encryptedKey.createKeyInfo();
                encryptedKey.setKeyInfo(keyInfo);
                keyInfo.addKeyInfoData(wSSEncryptionParams.getKeyInfoData());
            }
            int total = list.size();
            for (int idx = 0; idx < total; idx++) {
                boolean contentOnly = zArr != null && zArr[idx];
                String encDataId = strArr != null ? strArr[idx] : null;
                encryptElementOrAttachment(list.get(idx), contentOnly, encDataId, wSSEncryptionParams, encryptedKey, null);
            }
            return new XEEncryptedKey(WSSUtils.prependChild2(this, encryptedKey.getNode()));
        } catch (XEException e) {
            throw new WSSException((Throwable) e, WSSException.INVALID_SECURITY);
        }
    }

    /**
     * Signs the referenced parts with the key belonging to an X.509 binary security token,
     * using the canonicalization algorithm {@code str2} as the single common transform.
     *
     * @param strArr URIs of the parts to sign
     * @param x509BinarySecurityToken token holding the signer's certificate
     * @param privateKey signing key, or {@code null} to have it looked up
     * @param str digest method
     * @param str2 canonicalization method
     * @param str3 signature method
     * @param z whether the decryption transform is added to the references
     * @throws WSSException if signing fails
     * @throws KeyRetrievalException if no private key can be located
     */
    public void sign(String[] strArr, X509BinarySecurityToken x509BinarySecurityToken, PrivateKey privateKey, String str, String str2, String str3, boolean z) throws WSSException, KeyRetrievalException {
        XSAlgorithmIdentifier c14nTransform = new XSAlgorithmIdentifier(getOwnerDocument(), "Transform", str2);
        c14nTransform.setSystemId(this.systemId);
        XSAlgorithmIdentifier[] commonTransforms = {c14nTransform};
        sign(strArr, x509BinarySecurityToken, privateKey, str, str2, str3, commonTransforms, z);
    }

    /**
     * Signs the referenced parts and points the signature's key information at the given
     * X.509 binary security token.
     *
     * <p>If no private key is supplied, one is looked up through {@code KeyRetriever} using the
     * issuer and serial number of the token's certificate. A token without a {@code wsu:Id}
     * gets a random one. After signing, the token node is detached from its current parent and
     * passed to {@code WSSUtils.prependChild} for this header.
     * NOTE(review): the token must already have a parent node, otherwise the final move fails
     * with a NullPointerException — confirm callers insert it first.
     *
     * @param strArr URIs of the parts to sign
     * @param x509BinarySecurityToken token holding the signer's certificate
     * @param privateKey signing key, or {@code null} to have it looked up
     * @param str digest method
     * @param str2 canonicalization method
     * @param str3 signature method
     * @param xSAlgorithmIdentifierArr common transforms set on the signature parameters
     * @param z whether the decryption transform is added to the references
     * @throws WSSException if signing fails
     * @throws KeyRetrievalException if no private key can be located
     */
    public void sign(String[] strArr, X509BinarySecurityToken x509BinarySecurityToken, PrivateKey privateKey, String str, String str2, String str3, XSAlgorithmIdentifier[] xSAlgorithmIdentifierArr, boolean z) throws WSSException, KeyRetrievalException {
        Document doc = getOwnerDocument();
        try {
            X509Certificate signerCert = (X509Certificate) x509BinarySecurityToken.getToken();
            X509Data issuerSerialData = KeyUtils.createX509Data(doc);
            issuerSerialData.addIssuerSerial(signerCert.getIssuerX500Principal(), signerCert.getSerialNumber());
            PrivateKey signingKey = privateKey;
            if (signingKey == null) {
                signingKey = KeyRetriever.getPrivateKey(issuerSerialData);
                if (signingKey == null) {
                    throw new KeyRetrievalException("Unable to Locate Private Key for \n " + issuerSerialData.toStringXML());
                }
            }
            String tokenId = x509BinarySecurityToken.getWsuId();
            if (tokenId == null || tokenId.length() < 1) {
                tokenId = "_" + XMLUtils.randomName();
                x509BinarySecurityToken.setWsuId(tokenId);
            }
            WSSecurityTokenReference tokenRef = new WSSecurityTokenReference(doc);
            tokenRef.setWsuId("_" + XMLUtils.randomName());
            WSSReference directRef = new WSSReference(doc, "#" + tokenId);
            directRef.setValueType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
            tokenRef.setSTReference(directRef);
            WSSignatureParams sigParams = new WSSignatureParams((byte[]) null, signingKey);
            sigParams.setDigestMethod(str);
            sigParams.setC14nMethod(str2);
            sigParams.setSignMethod(str3);
            sigParams.setCommonTrans(xSAlgorithmIdentifierArr);
            sigParams.setUsingDecryptTranform(z);
            sigParams.setKeyInfoData(tokenRef);
            sign(strArr, sigParams, (XSAlgorithmIdentifier[][]) null);
            // Move the token to the front of this security header.
            WSSUtils.prependChild(this, x509BinarySecurityToken.getParentNode().removeChild(x509BinarySecurityToken.getNode()));
        } catch (TransformerException e) {
            throw new WSSException(e, WSSException.FAILED_CHECK);
        }
    }

    /**
     * Signs the referenced parts, identifying the signer by X.509 issuer and serial number,
     * using the canonicalization algorithm {@code str2} as the single common transform.
     *
     * @param strArr URIs of the parts to sign
     * @param x509IssuerSerial issuer and serial number of the signer's certificate
     * @param privateKey signing key, or {@code null} to have it looked up
     * @param str digest method
     * @param str2 canonicalization method
     * @param str3 signature method
     * @param z whether the decryption transform is added to the references
     * @throws WSSException if signing fails
     * @throws KeyRetrievalException if no private key can be located
     */
    public void sign(String[] strArr, X509IssuerSerial x509IssuerSerial, PrivateKey privateKey, String str, String str2, String str3, boolean z) throws WSSException, KeyRetrievalException {
        XSAlgorithmIdentifier c14nTransform = new XSAlgorithmIdentifier(getOwnerDocument(), "Transform", str2);
        c14nTransform.setSystemId(this.systemId);
        XSAlgorithmIdentifier[] commonTransforms = {c14nTransform};
        sign(strArr, x509IssuerSerial, privateKey, str, str2, str3, commonTransforms, z);
    }

    /**
     * Signs the referenced parts and embeds X.509 issuer/serial data in the signature's
     * security token reference.
     *
     * <p>If no private key is supplied, one is looked up through {@code KeyRetriever} using
     * the issuer and serial number.
     *
     * @param strArr URIs of the parts to sign
     * @param x509IssuerSerial issuer and serial number of the signer's certificate
     * @param privateKey signing key, or {@code null} to have it looked up
     * @param str digest method
     * @param str2 canonicalization method
     * @param str3 signature method
     * @param xSAlgorithmIdentifierArr common transforms set on the signature parameters
     * @param z whether the decryption transform is added to the references
     * @throws WSSException if signing fails
     * @throws KeyRetrievalException if no private key can be located
     */
    public void sign(String[] strArr, X509IssuerSerial x509IssuerSerial, PrivateKey privateKey, String str, String str2, String str3, XSAlgorithmIdentifier[] xSAlgorithmIdentifierArr, boolean z) throws WSSException, KeyRetrievalException {
        Document doc = getOwnerDocument();
        try {
            XMLNode issuerSerialData = KeyUtils.createX509Data(doc);
            // Return value unused; the call is kept because any side effects it may have are
            // not visible from this method.
            x509IssuerSerial.getIssuerSerial();
            issuerSerialData.addIssuerSerial(x509IssuerSerial.getIssuer(), x509IssuerSerial.getSerial());
            PrivateKey signingKey = privateKey;
            if (signingKey == null) {
                signingKey = KeyRetriever.getPrivateKey(issuerSerialData);
                if (signingKey == null) {
                    throw new KeyRetrievalException("Unable to Locate Private Key for \n " + issuerSerialData.toStringXML());
                }
            }
            WSSecurityTokenReference tokenRef = new WSSecurityTokenReference(doc);
            tokenRef.setWsuId("_" + XMLUtils.randomName());
            tokenRef.appendChild(issuerSerialData);
            WSSignatureParams sigParams = new WSSignatureParams((byte[]) null, signingKey);
            sigParams.setDigestMethod(str);
            sigParams.setC14nMethod(str2);
            sigParams.setSignMethod(str3);
            sigParams.setCommonTrans(xSAlgorithmIdentifierArr);
            sigParams.setUsingDecryptTranform(z);
            sigParams.setKeyInfoData(tokenRef);
            sign(strArr, sigParams, (XSAlgorithmIdentifier[][]) null);
        } catch (TransformerException e) {
            throw new WSSException(e, WSSException.FAILED_CHECK);
        }
    }

    /**
     * Signs the referenced parts, identifying the signer by a key identifier, using the
     * canonicalization algorithm {@code str2} as the single common transform.
     *
     * @param strArr URIs of the parts to sign
     * @param wSSKeyIdentifier identifier of the signer's key
     * @param privateKey signing key, or {@code null} to have it resolved
     * @param str digest method
     * @param str2 canonicalization method
     * @param str3 signature method
     * @param z whether the decryption transform is added to the references
     * @throws WSSException if signing fails
     * @throws KeyRetrievalException if no private key can be located
     */
    public void sign(String[] strArr, WSSKeyIdentifier wSSKeyIdentifier, PrivateKey privateKey, String str, String str2, String str3, boolean z) throws WSSException, KeyRetrievalException {
        XSAlgorithmIdentifier c14nTransform = new XSAlgorithmIdentifier(getOwnerDocument(), "Transform", str2);
        c14nTransform.setSystemId(this.systemId);
        XSAlgorithmIdentifier[] commonTransforms = {c14nTransform};
        sign(strArr, wSSKeyIdentifier, privateKey, str, str2, str3, commonTransforms, z);
    }

    /**
     * Signs the referenced parts and points the signature's key information at the given key
     * identifier.
     *
     * <p>When no private key is supplied, the registered resolvers for the identifier's
     * concrete type (X.509, SAML assertion or SAML 2 assertion) are asked in order until one
     * returns a key. A resolver that throws is skipped; its exception is not recorded, so the
     * final {@code KeyRetrievalException} does not say why resolution failed.
     *
     * @param strArr URIs of the parts to sign
     * @param wSSKeyIdentifier identifier of the signer's key
     * @param privateKey signing key, or {@code null} to have it resolved
     * @param str digest method
     * @param str2 canonicalization method
     * @param str3 signature method
     * @param xSAlgorithmIdentifierArr common transforms set on the signature parameters
     * @param z whether the decryption transform is added to the references
     * @throws WSSException if signing fails
     * @throws KeyRetrievalException if no private key can be located
     */
    public void sign(String[] strArr, WSSKeyIdentifier wSSKeyIdentifier, PrivateKey privateKey, String str, String str2, String str3, XSAlgorithmIdentifier[] xSAlgorithmIdentifierArr, boolean z) throws WSSException, KeyRetrievalException {
        final String resolverValueType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";
        Document doc = getOwnerDocument();
        PrivateKey signingKey = privateKey;
        // The resolver lists are always fetched; the loops only run while no key is known.
        if (wSSKeyIdentifier instanceof X509KeyIdentifier) {
            List x509Resolvers = X509KeyIdentifier.getResolvers();
            int resolverCount = x509Resolvers.size();
            for (int k = 0; k < resolverCount && signingKey == null; k++) {
                try {
                    signingKey = ((X509KeyIdentifierResolver) x509Resolvers.get(k)).getPrivateKey((X509KeyIdentifier) wSSKeyIdentifier, resolverValueType);
                } catch (X509KeyIdentifierResolverException ignored) {
                    // Best effort: fall through to the next resolver.
                    signingKey = null;
                }
            }
        } else if (wSSKeyIdentifier instanceof SAMLAssertionKeyIdentifier) {
            List samlResolvers = SAMLAssertionKeyIdentifier.getResolvers();
            int resolverCount = samlResolvers.size();
            for (int k = 0; k < resolverCount && signingKey == null; k++) {
                try {
                    signingKey = ((SAMLAssertionKeyIdentifierResolver) samlResolvers.get(k)).getPrivateKey((SAMLAssertionKeyIdentifier) wSSKeyIdentifier, resolverValueType, ((SAMLAssertionKeyIdentifier) wSSKeyIdentifier).getAuthorityBinding());
                } catch (SAMLAssertionKeyIdentifierResolverException ignored) {
                    // Best effort: fall through to the next resolver.
                    signingKey = null;
                }
            }
        } else if (wSSKeyIdentifier instanceof SAML2AssertionKeyIdentifier) {
            List saml2Resolvers = SAML2AssertionKeyIdentifier.getResolvers();
            int resolverCount = saml2Resolvers.size();
            for (int k = 0; k < resolverCount && signingKey == null; k++) {
                try {
                    signingKey = ((SAML2AssertionKeyIdentifierResolver) saml2Resolvers.get(k)).getPrivateKey((SAML2AssertionKeyIdentifier) wSSKeyIdentifier, resolverValueType);
                } catch (SAML2AssertionKeyIdentifierResolverException ignored) {
                    // Best effort: fall through to the next resolver.
                    signingKey = null;
                }
            }
        }
        if (signingKey == null) {
            throw new KeyRetrievalException("Unable to Locate Private Key for \n " + wSSKeyIdentifier);
        }
        WSSecurityTokenReference tokenRef = new WSSecurityTokenReference(doc);
        if (wSSKeyIdentifier.getValueType().equals(WSSURI.saml11_vt_keyId)) {
            tokenRef.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
        }
        tokenRef.setWsuId("_" + XMLUtils.randomName());
        tokenRef.setSTReference(wSSKeyIdentifier);
        WSSignatureParams sigParams = new WSSignatureParams((byte[]) null, signingKey);
        sigParams.setDigestMethod(str);
        sigParams.setC14nMethod(str2);
        sigParams.setSignMethod(str3);
        sigParams.setCommonTrans(xSAlgorithmIdentifierArr);
        sigParams.setUsingDecryptTranform(z);
        sigParams.setKeyInfoData(tokenRef);
        sign(strArr, sigParams, (XSAlgorithmIdentifier[][]) null);
    }

    /**
     * Signs a single referenced part with the given signature parameters and no per-reference
     * transforms.
     *
     * @param str URI of the part to sign
     * @param wSSignatureParams algorithms and keys for the signature
     * @throws WSSException if signing fails
     */
    public void sign(String str, WSSignatureParams wSSignatureParams) throws WSSException {
        String[] uris = {str};
        sign(uris, wSSignatureParams, (XSAlgorithmIdentifier[][]) null);
    }

    /**
     * Signs a single security token reference (through the STR transform applied by the
     * array-based overload) and no plain URIs.
     *
     * @param wSSecurityTokenReference the token reference to sign
     * @param wSSignatureParams algorithms and keys for the signature
     * @throws WSSException if signing fails
     */
    public void sign(WSSecurityTokenReference wSSecurityTokenReference, WSSignatureParams wSSignatureParams) throws WSSException {
        WSSecurityTokenReference[] tokenRefs = {wSSecurityTokenReference};
        sign((String[]) null, tokenRefs, wSSignatureParams);
    }

    /**
     * Creates a new signature in this header over the given URIs and security token
     * references.
     *
     * <p>Each URI gets a reference with the canonicalization transform; each token reference
     * gets a reference to {@code "#" + wsuId} with the STR transform (parameterized with the
     * canonicalization method) followed by the canonicalization transform. The decryption
     * transform is appended to every reference when the parameters ask for it. The signature
     * is computed with the private key if one is set, otherwise with the secret key bytes.
     *
     * <p>The key information (key name, binary security token reference or X.509 key
     * identifier) is created and attached after the signature value has been computed, and
     * this method adds no reference to it; it is therefore covered by the signature only if
     * the caller lists it among the signed references. Digest, canonicalization and signature
     * algorithms are taken from the parameters as given; no allow-list is applied here.
     *
     * @param strArr URIs of the parts to sign, or {@code null}
     * @param wSSecurityTokenReferenceArr token references to sign, or {@code null}
     * @param wSSignatureParams algorithms, keys and key-information settings
     * @throws WSSException if no key is available or signing fails
     */
    public void sign(String[] strArr, WSSecurityTokenReference[] wSSecurityTokenReferenceArr, WSSignatureParams wSSignatureParams) throws WSSException {
        WSSecurityTokenReferenceType x509KeyIdentifier;
        Document ownerDocument = getOwnerDocument();
        try {
            // The Signature element is inserted into this header before anything is signed.
            XSSignature xSSignature = new XSSignature(WSSUtils.prependChild2(this, XSSignature.newInstance(ownerDocument, (String) null).getNode()));
            xSSignature.setSignedInfo(xSSignature.createSignedInfo(wSSignatureParams.getC14NMethod(), wSSignatureParams.getSignatureMethod(), (String) null));
            XSSignedInfo signedInfo = xSSignature.getSignedInfo();
            boolean usingDecryptionTransform = wSSignatureParams.usingDecryptionTransform();
            if (strArr != null) {
                // One reference per plain URI: canonicalization, then optional decrypt transform.
                for (String str : strArr) {
                    XSReference createReference = xSSignature.createReference((String) null, str, (String) null, wSSignatureParams.getDigestMethod());
                    createReference.addTransform(xSSignature.createTransform(wSSignatureParams.getC14NMethod()));
                    if (usingDecryptionTransform) {
                        createReference.addTransform(xSSignature.createTransform("http://www.w3.org/2002/07/decrypt#XML"));
                    }
                    signedInfo.addReference(createReference);
                }
            }
            if (wSSecurityTokenReferenceArr != null) {
                // One reference per token reference: STR transform with its
                // wsse:TransformationParameters, then canonicalization, then optional decrypt.
                for (WSSecurityTokenReference wSSecurityTokenReference : wSSecurityTokenReferenceArr) {
                    XSReference createReference2 = xSSignature.createReference((String) null, "#" + wSSecurityTokenReference.getWsuId(), (String) null, wSSignatureParams.getDigestMethod());
                    XSAlgorithmIdentifier createTransform = xSSignature.createTransform(WSSURI.alg_strTransform);
                    Element createElementNS = ownerDocument.createElementNS("http://www.w3.org/2000/09/xmldsig#", WSSURI.CANONICALIZATION_METHOD);
                    createElementNS.setAttribute(WSSURI.ALGORITHM, wSSignatureParams.getC14NMethod());
                    XMLUtils.copyNSPrefix((Element) createTransform.getNode(), createElementNS);
                    Element createElementNS2 = getOwnerDocument().createElementNS(WSSURI.ns_wsse, "wsse:TransformationParameters");
                    createElementNS2.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:wsse", WSSURI.ns_wsse);
                    createElementNS2.appendChild(createElementNS);
                    createTransform.addParameter(createElementNS2);
                    createReference2.addTransform(createTransform);
                    createReference2.addTransform(xSSignature.createTransform(wSSignatureParams.getC14NMethod()));
                    if (usingDecryptionTransform) {
                        createReference2.addTransform(xSSignature.createTransform("http://www.w3.org/2002/07/decrypt#XML"));
                    }
                    signedInfo.addReference(createReference2);
                }
            }
            // A private key takes precedence over the secret key bytes.
            PrivateKey privateKey = wSSignatureParams.getPrivateKey();
            if (privateKey != null) {
                xSSignature.sign(privateKey, (String) null);
            } else {
                byte[] secretKey = wSSignatureParams.getSecretKey();
                if (secretKey == null) {
                    // NOTE(review): the Signature element inserted above is not removed on
                    // this path, so the header is left holding an unsigned Signature.
                    throw new WSSException("No keys specified for signing.");
                }
                xSSignature.sign(secretKey, (String) null);
            }
            // KeyInfo is built only after the signature value exists.
            XSKeyInfo createKeyInfo = xSSignature.createKeyInfo();
            X509Certificate x509Certificate = wSSignatureParams.getX509Certificate();
            byte[] certId = wSSignatureParams.getCertId();
            if (x509Certificate == null && certId == null) {
                createKeyInfo.addKeyInfoData(createKeyInfo.createKeyName(wSSignatureParams.getKeyName()));
            } else {
                WSSecurityTokenReference wSSecurityTokenReference2 = new WSSecurityTokenReference(ownerDocument);
                wSSecurityTokenReference2.setWsuId("_" + XMLUtils.randomName());
                if (x509Certificate != null) {
                    // Certificate given: add it as a binary security token to this header and
                    // refer to it by its random wsu:Id.
                    X509BinarySecurityToken x509BinarySecurityToken = new X509BinarySecurityToken(ownerDocument);
                    WSSUtils.prependChild(this, x509BinarySecurityToken.getNode());
                    x509BinarySecurityToken.setToken(x509Certificate);
                    String str2 = "_" + XMLUtils.randomName();
                    x509BinarySecurityToken.setWsuId(str2);
                    x509KeyIdentifier = new WSSReference(ownerDocument, "#" + str2);
                } else {
                    // Only a certificate id: reference the key by X.509 key identifier.
                    x509KeyIdentifier = new X509KeyIdentifier(ownerDocument);
                    ((WSSKeyIdentifier) x509KeyIdentifier).setValue(certId);
                }
                wSSecurityTokenReference2.setSTReference(x509KeyIdentifier);
                createKeyInfo.addKeyInfoData(wSSecurityTokenReference2);
            }
            xSSignature.setKeyInfo(createKeyInfo);
        } catch (TransformationException e) {
            throw new WSSException((Throwable) e, WSSException.FAILED_CHECK);
        } catch (SigningException e2) {
            throw new WSSException((Throwable) e2, WSSException.INVALID_SECURITY);
        }
    }

    /**
     * Decrypts everything referenced from this header when there is no SOAP message to pass
     * along.
     *
     * @throws WSSException if any decryption step fails
     */
    public void decryptAll() throws WSSException {
        final SOAPMessage noMessage = null;
        decryptAll(noMessage);
    }

    /**
     * Decrypts, in three passes, the data referenced by this header's {@code EncryptedKey}
     * children, its {@code ReferenceList} children and its {@code EncryptedData} children.
     *
     * <p>The second and third passes supply no key, so each {@code EncryptedData} is decrypted
     * with the key it resolves for itself.
     *
     * @param sOAPMessage the SOAP message forwarded to the {@code decrypt} calls, or
     *     {@code null}
     * @throws WSSException if any decryption step fails
     */
    public void decryptAll(SOAPMessage sOAPMessage) throws WSSException {
        NodeList childElementsByTagNameNS = getChildElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", WSSURI.ENCRYPTED_KEY);
        int length = childElementsByTagNameNS.getLength();
        for (int i = 0; i < length; i++) {
            // NOTE(review): this loop and the next always read item(0), while the last loop
            // reads item(i3). Whether the returned NodeList is live is not visible here; if
            // it is a snapshot, the first element is processed `length` times and the others
            // never — confirm which indexing is intended.
            decrypt(new XEEncryptedKey((Element) childElementsByTagNameNS.item(0)), sOAPMessage);
        }
        NodeList childElementsByTagNameNS2 = getChildElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", WSSURI.REFERENCE_LIST);
        int length2 = childElementsByTagNameNS2.getLength();
        for (int i2 = 0; i2 < length2; i2++) {
            decrypt(new XEReferenceList((Element) childElementsByTagNameNS2.item(0)), (SecretKey) null, sOAPMessage);
        }
        NodeList childElementsByTagNameNS3 = getChildElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", WSSURI.ENCRYPTED_DATA);
        int length3 = childElementsByTagNameNS3.getLength();
        for (int i3 = 0; i3 < length3; i3++) {
            try {
                decrypt(new XEEncryptedData((Element) childElementsByTagNameNS3.item(i3)), (SecretKey) null, sOAPMessage);
            } catch (DOMException e) {
                // Only this pass converts DOM failures into a WSSException.
                throw new WSSException(e, WSSException.INVALID_SECURITY);
            }
        }
    }

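    /**
     * Unwraps a decrypted element from its {@code EncryptedHeader} parent, if it has one.
     *
     * <p>When the parent is an element whose local name is {@code WSSURI.ENCRYPTED_HEADER} in
     * namespace {@code WSSURI.ns_wsse11}, the element is moved in front of that parent and the
     * parent is removed. Otherwise nothing changes.
     *
     * @param element the element produced by decryption
     */
    private static void removeEncryptedHeaderIfPresent(Element element) {
        if (element.getParentNode() == null || element.getParentNode().getNodeType() != 1) {
            return;
        }
        Element wrapper = (Element) element.getParentNode();
        // Constant-first comparisons: the parent comes from a received message and may have a
        // null local name or no namespace, which previously caused a NullPointerException
        // instead of simply not matching.
        if (!WSSURI.ENCRYPTED_HEADER.equals(wrapper.getLocalName()) || !WSSURI.ns_wsse11.equals(wrapper.getNamespaceURI())) {
            return;
        }
        wrapper.getParentNode().insertBefore(element, wrapper);
        wrapper.getParentNode().removeChild(wrapper);
    }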

    /**
     * Returns this header's child elements named {@code WSSURI.REFERENCE_LIST} in the XML
     * Encryption namespace, as produced by {@code WSSUtils.getChildElements}.
     *
     * @return the matching children
     */
    public List getReferenceLists() {
        List referenceLists = WSSUtils.getChildElements(this, "http://www.w3.org/2001/04/xmlenc#", WSSURI.REFERENCE_LIST);
        return referenceLists;
    }

    /**
     * Decrypts everything listed in a reference list when there is no SOAP message to pass
     * along.
     *
     * @param xEReferenceList the reference list to process
     * @param secretKey the data key, or {@code null} to let each item resolve its own
     * @return the decrypted objects, in reference order
     * @throws WSSException if decryption fails
     */
    public static List decrypt(XEReferenceList xEReferenceList, SecretKey secretKey) throws WSSException {
        final SOAPMessage noMessage = null;
        return decrypt(xEReferenceList, secretKey, noMessage);
    }

    /**
     * Decrypts every data reference of a reference list.
     *
     * <p>Processing stops at the first failure; items decrypted before it have already been
     * replaced in the document.
     *
     * @param xEReferenceList the reference list to process
     * @param secretKey the data key, or {@code null} to let each item resolve its own
     * @param sOAPMessage the SOAP message forwarded to the decryption helper, or {@code null}
     * @return the decrypted objects, in reference order
     * @throws WSSException with {@code FAILED_CHECK} on a decryption error, or
     *     {@code SECURITY_TOKEN_UNAVAILABLE} when a reference cannot be resolved
     */
    public static List decrypt(XEReferenceList xEReferenceList, SecretKey secretKey, SOAPMessage sOAPMessage) throws WSSException {
        Vector refs = xEReferenceList.getDataReferences();
        ArrayList decrypted = new ArrayList(refs.size());
        int idx = 0;
        while (idx < refs.size()) {
            try {
                XEDataReference ref = (XEDataReference) refs.get(idx);
                decrypted.add(decryptElementOrAttachment(ref.getEncryptedObject(), secretKey, sOAPMessage));
            } catch (XEException e) {
                throw new WSSException((Throwable) e, WSSException.FAILED_CHECK);
            } catch (ReferenceException e2) {
                throw new WSSException((Throwable) e2, WSSException.SECURITY_TOKEN_UNAVAILABLE);
            }
            idx++;
        }
        return decrypted;
    }

    /**
     * Decrypts everything listed in a reference list, letting each item resolve its own key.
     *
     * @param xEReferenceList the reference list to process
     * @return the decrypted objects, in reference order
     * @throws WSSException if decryption fails
     */
    public static List decrypt(XEReferenceList xEReferenceList) throws WSSException {
        final SecretKey noKey = null;
        return decrypt(xEReferenceList, noKey);
    }

    /**
     * Returns this header's child elements named {@code WSSURI.ENCRYPTED_KEY} in the XML
     * Encryption namespace, as produced by {@code WSSUtils.getChildElements}.
     *
     * @return the matching children
     */
    public List getEncryptedKeys() {
        List encryptedKeys = WSSUtils.getChildElements(this, "http://www.w3.org/2001/04/xmlenc#", WSSURI.ENCRYPTED_KEY);
        return encryptedKeys;
    }

    /**
     * Returns this header's child elements named {@code WSSURI.ENCRYPTED_DATA} in the XML
     * Encryption namespace, as produced by {@code WSSUtils.getChildElements}.
     *
     * @return the matching children
     */
    public List getEncryptedData() {
        List encryptedData = WSSUtils.getChildElements(this, "http://www.w3.org/2001/04/xmlenc#", WSSURI.ENCRYPTED_DATA);
        return encryptedData;
    }

    /**
     * Unwraps an encrypted key with the given private key and decrypts the data it
     * references, when there is no SOAP message to pass along.
     *
     * @param xEEncryptedKey the encrypted key to process
     * @param privateKey the key-decryption key
     * @return the decrypted objects, in reference order
     * @throws WSSException if unwrapping or decryption fails
     */
    public static List decrypt(XEEncryptedKey xEEncryptedKey, PrivateKey privateKey) throws WSSException {
        final SOAPMessage noMessage = null;
        return decrypt(xEEncryptedKey, privateKey, noMessage);
    }

    /**
     * Unwraps an encrypted key with the given private key and decrypts the data it
     * references.
     *
     * <p>Failures while unwrapping are reported as {@code WSSException} with
     * {@code FAILED_CHECK}, wrapping the original {@code XEException} as cause.
     *
     * @param xEEncryptedKey the encrypted key to process
     * @param privateKey the key-decryption key
     * @param sOAPMessage the SOAP message forwarded to the decryption helper, or {@code null}
     * @return the decrypted objects, in reference order
     * @throws WSSException if unwrapping or decryption fails
     */
    public static List decrypt(XEEncryptedKey xEEncryptedKey, PrivateKey privateKey, SOAPMessage sOAPMessage) throws WSSException {
        try {
            return decrypt(
                    xEEncryptedKey,
                    xEEncryptedKey.getKey((XEEncryptionMethod) null, privateKey),
                    sOAPMessage);
        } catch (XEException unwrapFailure) {
            throw new WSSException((Throwable) unwrapFailure, WSSException.FAILED_CHECK);
        }
    }

    /**
     * Decrypts the data referenced by an encrypted key, resolving the decryption key from the
     * encrypted key itself, when there is no SOAP message to pass along.
     *
     * @param xEEncryptedKey the encrypted key to process
     * @return the decrypted objects, in reference order
     * @throws WSSException if key resolution or decryption fails
     */
    public static List decrypt(XEEncryptedKey xEEncryptedKey) throws WSSException {
        final SOAPMessage noMessage = null;
        return decrypt(xEEncryptedKey, noMessage);
    }

    /**
     * Decrypts the data referenced by an encrypted key, using the key returned by
     * {@code xEEncryptedKey.getDecryptionKey()}.
     *
     * <p>A {@code SecretKey} is used directly as the data key; a {@code PrivateKey} is used to
     * unwrap the data key first. Any other result, including {@code null}, is rejected.
     *
     * @param xEEncryptedKey the encrypted key to process
     * @param sOAPMessage the SOAP message forwarded to the decryption helper, or {@code null}
     * @return the decrypted objects, in reference order
     * @throws WSSException if the key has an unsupported type or decryption fails
     */
    public static List decrypt(XEEncryptedKey xEEncryptedKey, SOAPMessage sOAPMessage) throws WSSException {
        try {
            Key resolved = xEEncryptedKey.getDecryptionKey();
            if (resolved instanceof SecretKey) {
                return decrypt(xEEncryptedKey, (SecretKey) resolved, sOAPMessage);
            } else if (resolved instanceof PrivateKey) {
                return decrypt(xEEncryptedKey, (PrivateKey) resolved, sOAPMessage);
            } else {
                throw new WSSException(WSSException.FAILED_CHECK, "Key must be SecretKey or PrivateKey");
            }
        } catch (XEException keyFailure) {
            throw new WSSException((Throwable) keyFailure, WSSException.FAILED_CHECK);
        }
    }

    /**
     * Decrypts one {@code EncryptedData} when there is no SOAP message to pass along.
     *
     * @param xEEncryptedData the encrypted data to process
     * @param secretKey the data key, or {@code null} to let the item resolve its own
     * @return the decrypted object
     * @throws WSSException if decryption fails
     */
    public static Object decrypt(XEEncryptedData xEEncryptedData, SecretKey secretKey) throws WSSException {
        final SOAPMessage noMessage = null;
        return decrypt(xEEncryptedData, secretKey, noMessage);
    }

    /**
     * Decrypts one {@code EncryptedData}, translating low-level failures into
     * {@code WSSException}.
     *
     * @param xEEncryptedData the encrypted data to process
     * @param secretKey the data key, or {@code null} to let the item resolve its own
     * @param sOAPMessage the SOAP message forwarded to the decryption helper, or {@code null}
     * @return the decrypted element, or the attachment result for an encrypted attachment
     * @throws WSSException with {@code FAILED_CHECK} if decryption fails
     */
    public static Object decrypt(XEEncryptedData xEEncryptedData, SecretKey secretKey, SOAPMessage sOAPMessage) throws WSSException {
        Object plaintext;
        try {
            plaintext = decryptElementOrAttachment(xEEncryptedData, secretKey, sOAPMessage);
        } catch (XEException decryptFailure) {
            throw new WSSException((Throwable) decryptFailure, WSSException.FAILED_CHECK);
        }
        return plaintext;
    }

    /**
     * Decrypts one {@code EncryptedData} with the key it resolves for itself, when there is no
     * SOAP message to pass along.
     *
     * @param xEEncryptedData the encrypted data to process
     * @return the decrypted object
     * @throws WSSException if decryption fails
     */
    public static Object decrypt(XEEncryptedData xEEncryptedData) throws WSSException {
        final SecretKey noKey = null;
        final SOAPMessage noMessage = null;
        return decrypt(xEEncryptedData, noKey, noMessage);
    }

    /**
     * Decrypts the data referenced by an encrypted key with an already known data key, when
     * there is no SOAP message to pass along.
     *
     * @param xEEncryptedKey the encrypted key whose data references are processed
     * @param secretKey the data key, or {@code null} to obtain it from the encrypted key
     * @return the decrypted objects, in reference order
     * @throws WSSException if decryption fails
     */
    public static List decrypt(XEEncryptedKey xEEncryptedKey, SecretKey secretKey) throws WSSException {
        final SOAPMessage noMessage = null;
        return decrypt(xEEncryptedKey, secretKey, noMessage);
    }

    /**
     * Decrypts every data reference of an encrypted key.
     *
     * <p>When no data key is supplied it is obtained from the encrypted key via
     * {@code getKey}. Processing stops at the first failure; items decrypted before it have
     * already been replaced in the document.
     *
     * @param xEEncryptedKey the encrypted key whose data references are processed
     * @param secretKey the data key, or {@code null} to obtain it from the encrypted key
     * @param sOAPMessage the SOAP message forwarded to the decryption helper, or {@code null}
     * @return the decrypted objects, in reference order
     * @throws WSSException with {@code FAILED_CHECK} on a key or decryption error, or
     *     {@code SECURITY_TOKEN_UNAVAILABLE} when a reference cannot be resolved
     */
    public static List decrypt(XEEncryptedKey xEEncryptedKey, SecretKey secretKey, SOAPMessage sOAPMessage) throws WSSException {
        Vector refs = xEEncryptedKey.getDataReferences();
        SecretKey dataKey = secretKey;
        if (dataKey == null) {
            try {
                dataKey = xEEncryptedKey.getKey((XEEncryptionMethod) null);
            } catch (XEException keyFailure) {
                throw new WSSException((Throwable) keyFailure, WSSException.FAILED_CHECK);
            }
        }
        ArrayList decrypted = new ArrayList(refs.size());
        for (int idx = 0; idx < refs.size(); idx++) {
            try {
                XEDataReference ref = (XEDataReference) refs.get(idx);
                decrypted.add(decryptElementOrAttachment(ref.getEncryptedObject(), dataKey, sOAPMessage));
            } catch (XEException decryptFailure) {
                throw new WSSException((Throwable) decryptFailure, WSSException.FAILED_CHECK);
            } catch (ReferenceException unresolved) {
                throw new WSSException((Throwable) unresolved, WSSException.SECURITY_TOKEN_UNAVAILABLE);
            }
        }
        return decrypted;
    }

    /**
     * Returns this header's child elements named {@code WSSURI.SIGNATURE} in the XML
     * Signature namespace, as produced by {@code WSSUtils.getChildElements}.
     *
     * @return the matching children
     */
    public List getSignatures() {
        List signatures = WSSUtils.getChildElements(this, "http://www.w3.org/2000/09/xmldsig#", WSSURI.SIGNATURE);
        return signatures;
    }

    /**
     * Verifies a signature when there is no SOAP message to pass along.
     *
     * @param xSSignature the signature to verify
     * @return the verification result
     * @throws WSSException if verification cannot be carried out
     */
    public boolean verify(XSSignature xSSignature) throws WSSException {
        final SOAPMessage noMessage = null;
        return verify(xSSignature, noMessage);
    }

    /**
     * Verifies a signature by delegating to the static three-argument overload with its
     * boolean flag set to {@code false}.
     *
     * @param xSSignature the signature to verify
     * @param sOAPMessage the SOAP message forwarded to the verifier, or {@code null}
     * @return the verification result
     * @throws WSSException if verification cannot be carried out
     */
    public boolean verify(XSSignature xSSignature, SOAPMessage sOAPMessage) throws WSSException {
        final boolean flag = false;
        return verify(xSSignature, flag, sOAPMessage);
    }

    /**
     * Verifies a signature when there is no SOAP message to pass along, forwarding {@code z}
     * unchanged to the three-argument overload.
     *
     * @param xSSignature the signature to verify
     * @param z flag forwarded to the three-argument overload
     * @return the verification result
     * @throws WSSException if verification cannot be carried out
     */
    public static boolean verify(XSSignature xSSignature, boolean z) throws WSSException {
        final SOAPMessage noMessage = null;
        return verify(xSSignature, z, noMessage);
    }

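    /**
     * Verifies a signature with a key supplied by the caller.
     *
     * <p>Exactly one key is used: the HMAC key when {@code bArr} is non-null, otherwise
     * {@code publicKey}. If both are given the HMAC key wins and {@code publicKey} is
     * ignored. This method never falls back to key material carried inside the signature;
     * the guard below makes that path impossible, so no such branch is kept.
     *
     * @param xSSignature the signature to verify
     * @param bArr HMAC key bytes, or {@code null}
     * @param publicKey public key, or {@code null}; consulted only when {@code bArr} is {@code null}
     * @param sOAPMessage message registered with {@code SWAUtil} before verification; may be {@code null}
     * @return the result of {@code XSSignature.verify} for the chosen key
     * @throws NullPointerException if both {@code bArr} and {@code publicKey} are {@code null}
     * @throws WSSException with {@code INVALID_SECURITY} when a {@code VerifyException} occurs
     */
    public static boolean verify(XSSignature xSSignature, byte[] bArr, PublicKey publicKey, SOAPMessage sOAPMessage) throws WSSException {
        if (bArr == null && publicKey == null) {
            throw new NullPointerException("One of hmacKey or pubKey should be non null");
        }
        SWAUtil.setSOAPMessage(sOAPMessage);
        try {
            if (bArr != null) {
                return xSSignature.verify(bArr, true);
            }
            // publicKey is non-null here because the guard above rejected the both-null case.
            return xSSignature.verify(publicKey, true);
        } catch (VerifyException e) {
            throw new WSSException((Throwable) e, WSSException.INVALID_SECURITY);
        }
    }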

    /**
     * Verifies a signature, optionally resolving the signing certificate through the
     * {@code wsse:SecurityTokenReference} children of its KeyInfo.
     *
     * <p>When {@code z} is {@code true} and the signature has a KeyInfo, each
     * SecurityTokenReference is tried in document order:
     * <ul>
     *   <li>a SAML assertion key identifier is resolved to a token in the signature's owner
     *       document; if that token yields an X.509 certificate, {@code validateCerts()} is
     *       called unless {@code XMLUtils.getAllowUnvalidatedCertFlag()} is set, and the
     *       signature is then checked against the certificate's public key;</li>
     *   <li>an X.509 binary security token with a certificate is always passed through
     *       {@code validate()} before the signature is checked against its public key.</li>
     * </ul>
     * The first successful check returns {@code true}. A failed check does not return
     * {@code false}; the loop moves on to the next reference.
     *
     * <p>If no reference succeeded, or {@code z} is {@code false}, or there is no KeyInfo,
     * the result is {@code xSSignature.verify(true)}. None of the certificate validation
     * calls above run on that path in this method, so a {@code true} result from it says
     * nothing here about certificate trust.
     *
     * @param xSSignature the signature to verify
     * @param z whether to try the SecurityTokenReference children of the KeyInfo first
     * @param sOAPMessage message registered with {@code SWAUtil} before verification; may be {@code null}
     * @return {@code true} if any attempted check succeeded
     * @throws WSSException with {@code INVALID_SECURITY} when a {@code VerifyException} or
     *         {@code KeyRetrievalException} occurs; what {@code validate()} and
     *         {@code validateCerts()} throw on failure is not visible here
     */
    public static boolean verify(XSSignature xSSignature, boolean z, SOAPMessage sOAPMessage) throws WSSException {
        X509Certificate x509Certificate;
        SWAUtil.setSOAPMessage(sOAPMessage);
        try {
            XSKeyInfo keyInfo = xSSignature.getKeyInfo();
            if (z && keyInfo != null) {
                NodeList childElementsByTagNameNS = keyInfo.getChildElementsByTagNameNS(WSSURI.ns_wsse, WSSURI.SECURITY_TOKEN_REFERENCE);
                int length = childElementsByTagNameNS.getLength();
                for (int i = 0; i < length; i++) {
                    WSSecurityTokenReferenceType sTReference = new WSSecurityTokenReference((Element) childElementsByTagNameNS.item(i)).getSTReference();
                    if (sTReference instanceof SAMLAssertionKeyIdentifier) {
                        // NOTE(review): if getValue() returns bytes, new String(...) decodes them with the
                        // platform default charset - confirm the identifier is ASCII-only or pin a charset.
                        WSSecurityToken retrieveTokenfromURI = retrieveTokenfromURI(xSSignature.getOwnerDocument(), new String(((SAMLAssertionKeyIdentifier) sTReference).getValue()));
                        X509Certificate retrieveX509fromToken = retrieveX509fromToken(retrieveTokenfromURI);
                        if (retrieveX509fromToken != null) {
                            // Certificate validation is skipped entirely when the flag is set.
                            // NOTE(review): static accessor, so presumably a global switch - deployments
                            // should confirm it is not enabled outside testing.
                            if (!XMLUtils.getAllowUnvalidatedCertFlag()) {
                                // Unchecked cast: assumes the resolved token is a SAMLAssertionToken - TODO confirm.
                                ((SAMLAssertionToken) retrieveTokenfromURI).validateCerts();
                            }
                            if (xSSignature.verify(retrieveX509fromToken.getPublicKey(), true)) {
                                return true;
                            }
                        }
                    }
                    // Reached for every reference, including SAML ones that did not verify above.
                    WSSecurityToken securityToken = sTReference.getSecurityToken();
                    if ((securityToken instanceof X509BinarySecurityToken) && (x509Certificate = ((X509BinarySecurityToken) securityToken).getX509Certificate()) != null) {
                        // Unlike the SAML branch, this validation is not gated by the allow-unvalidated flag.
                        ((X509BinarySecurityToken) securityToken).validate();
                        if (xSSignature.verify(x509Certificate.getPublicKey(), true)) {
                            return true;
                        }
                    }
                }
            }
            // Fallback: no key is passed in, so the signature presumably resolves one from its own
            // KeyInfo - verify how that key is trusted before relying on this result.
            return xSSignature.verify(true);
        } catch (VerifyException e) {
            throw new WSSException((Throwable) e, WSSException.INVALID_SECURITY);
        } catch (KeyRetrievalException e2) {
            throw new WSSException((Throwable) e2, WSSException.INVALID_SECURITY);
        }
    }

    /**
     * Verifies every signature child of this element without a SOAP message.
     *
     * @return the result of {@link #verifyAll(SOAPMessage)} called with {@code null};
     *         that method returns {@code true} when there are no signatures at all
     * @throws WSSException if the delegate reports a failure
     */
    public boolean verifyAll() throws WSSException {
        final boolean allValid = verifyAll(null);
        return allValid;
    }

    /**
     * Verifies every signature returned by {@link #getSignatures()}, stopping at the first
     * one that does not verify.
     *
     * <p>The result is {@code true} when the list is empty, so a {@code true} return does
     * not show that anything was signed. Callers that require a signature must check for
     * its presence, and for what it covers, separately. Each signature goes through
     * {@link #verify(XSSignature, SOAPMessage)}, which passes {@code false} for the
     * token-reference switch.
     *
     * @param sOAPMessage message registered with {@code SWAUtil} and passed to each check; may be {@code null}
     * @return {@code false} as soon as one signature fails, otherwise {@code true}
     * @throws WSSException if a verification call reports a failure
     */
    public boolean verifyAll(SOAPMessage sOAPMessage) throws WSSException {
        SWAUtil.setSOAPMessage(sOAPMessage);
        List found = getSignatures();
        int total = found.size();
        int index = 0;
        while (index < total) {
            XSSignature candidate = (XSSignature) found.get(index);
            boolean valid = verify(candidate, sOAPMessage);
            if (!valid) {
                return false;
            }
            index++;
        }
        return true;
    }

    /**
     * Forwards to {@code WSSUtils.addWsuIdToElement} with the same arguments.
     *
     * @param str the id value handed to the helper
     * @param element the element handed to the helper
     */
    public static void addWsuIdToElement(String str, Element element) {
        WSSUtils.addWsuIdToElement(str, element);
    }

    /**
     * Creates a new signature object in this element's owner document.
     *
     * <p>The instance is only created here; nothing in this method attaches it to the tree.
     *
     * @return the instance produced by {@code XSSignature.newInstance}
     * @throws DOMException as declared by the original signature
     */
    public XSSignature createSignature() throws DOMException {
        final XSSignature signature = XSSignature.newInstance(getOwnerDocument(), this.systemId);
        return signature;
    }

    /**
     * Creates a new {@code EncryptedData} object in this element's owner document.
     *
     * @param str value for the attribute named by {@code WSSURI.TYPE}; the attribute is
     *        left unset when this is {@code null}
     * @return the new instance
     * @throws DOMException as declared by the original signature
     */
    public XEEncryptedData createEncryptedData(String str) throws DOMException {
        XEEncryptedData encryptedData = XEEncryptedData.newInstance(getOwnerDocument(), this.systemId);
        if (str == null) {
            return encryptedData;
        }
        encryptedData.setAttribute(WSSURI.TYPE, str);
        return encryptedData;
    }

    /**
     * Creates a new {@code EncryptedKey} object in this element's owner document.
     *
     * @return the instance produced by {@code XEEncryptedKey.newInstance}
     * @throws DOMException as declared by the original signature
     */
    public XEEncryptedKey createEncryptedKey() throws DOMException {
        final XEEncryptedKey encryptedKey = XEEncryptedKey.newInstance(getOwnerDocument(), this.systemId);
        return encryptedKey;
    }

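    /**
     * Looks up a security token in the owner document by its {@code wsu:Id} value.
     *
     * <p>The id is bound as an XPath variable instead of being concatenated into the
     * expression. Ids commonly originate from message content, and a value containing a
     * quote would otherwise change the structure of the query.
     *
     * <p>The search covers the whole owner document and takes a single match. Documents
     * carrying the same id on more than one element are not detected here.
     *
     * @param str the {@code wsu:Id} value to look for; {@code null} yields {@code null}
     * @return the matching token, or {@code null} when there is no match, the match is not
     *         a security token, or the XPath evaluation fails
     */
    public WSSecurityToken getSecurityTokenByWsuID(String str) {
        if (str == null) {
            return null;
        }
        try {
            DOMXPath dOMXPath = new DOMXPath("//*[@_nspref:*[local-name()=$idname and string()=$idvalue]]");
            dOMXPath.addNamespace("_nspref", WSSURI.ns_wsu);
            SimpleVariableContext simpleVariableContext = new SimpleVariableContext();
            dOMXPath.setVariableContext(simpleVariableContext);
            simpleVariableContext.setVariableValue("idname", WSSURI.WSU_ID);
            // Passed as data, so the id can never be parsed as part of the expression.
            simpleVariableContext.setVariableValue("idvalue", str);
            Element element = (Element) dOMXPath.selectSingleNode(getOwnerDocument());
            if (element == null) {
                return null;
            }
            WSSecurityToken token = WSSUtils.getInstance(element, null, null);
            // With the declared type this check only filters out null.
            if (token instanceof WSSecurityToken) {
                return token;
            }
            return null;
        } catch (JaxenException e) {
            // Evaluation errors are reported the same way as "not found".
            return null;
        }
    }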

    /**
     * Lists the {@code wsse:UsernameToken} children of this element.
     *
     * <p>Collection only; no credential in the tokens is checked here.
     *
     * @return the result of {@code WSSUtils.getChildElements} for the username-token name
     */
    public List getUsernameTokens() {
        final List tokens = WSSUtils.getChildElements(this, WSSURI.ns_wsse, WSSURI.USERNAME_TOKEN);
        return tokens;
    }

    /**
     * Lists the {@code wsse:BinarySecurityToken} children of this element.
     *
     * <p>Collection only; no token is validated here.
     *
     * @return the result of {@code WSSUtils.getChildElements} for the binary-token name
     */
    public List getBinaryTokens() {
        final List tokens = WSSUtils.getChildElements(this, WSSURI.ns_wsse, WSSURI.BINARY_SECURITY_TOKEN);
        return tokens;
    }

    /**
     * Lists the SAML 2.0 {@code Assertion} children of this element.
     *
     * <p>{@code SAML2Initializer.initialize()} runs first. The assertions are only
     * collected; their signatures and conditions are not checked here.
     *
     * @return the result of {@code WSSUtils.getChildElements} for the SAML 2.0 assertion name
     */
    public List getSAML2AssertionTokens() {
        SAML2Initializer.initialize();
        final List assertions = WSSUtils.getChildElements(this, "urn:oasis:names:tc:SAML:2.0:assertion", "Assertion");
        return assertions;
    }

    /**
     * Lists the SAML 1.0-namespace {@code Assertion} children of this element.
     *
     * <p>{@code SAMLInitializer.initialize()} runs first. The assertions are only
     * collected; their signatures and conditions are not checked here.
     *
     * @return the result of {@code WSSUtils.getChildElements} for the SAML 1.0 assertion name
     */
    public List getSAMLAssertionTokens() {
        SAMLInitializer.initialize();
        final List assertions = WSSUtils.getChildElements(this, "urn:oasis:names:tc:SAML:1.0:assertion", "Assertion");
        return assertions;
    }

    /**
     * Lists the SAML 2.0 {@code EncryptedAssertion} children of this element.
     *
     * <p>{@code SAML2Initializer.initialize()} runs first. Nothing is decrypted here.
     *
     * @return the result of {@code WSSUtils.getChildElements} for the encrypted-assertion name
     */
    public List getEncryptedAssertions() {
        SAML2Initializer.initialize();
        final List encrypted = WSSUtils.getChildElements(this, "urn:oasis:names:tc:SAML:2.0:assertion", "EncryptedAssertion");
        return encrypted;
    }

    /**
     * Inserts a signature confirmation as the first child of this element.
     *
     * <p>A confirmation that belongs to a different document is deep-imported into this
     * element's owner document before it is inserted.
     *
     * @param wSSignatureConfirmation the confirmation whose node is inserted
     */
    public void addSignatureConfirmation(WSSignatureConfirmation wSSignatureConfirmation) {
        Node confirmationNode = wSSignatureConfirmation.getNode();
        boolean foreign = getOwnerDocument() != confirmationNode.getOwnerDocument();
        if (foreign) {
            confirmationNode = (Element) getOwnerDocument().importNode(confirmationNode, true);
        }
        WSSUtils.prependChild(this, confirmationNode);
    }

    /**
     * Builds a signature confirmation carrying {@code str} and inserts it as the first
     * child of this element.
     *
     * @param str the value set on the new confirmation
     * @return a new wrapper around this element's first child after the insertion
     */
    public WSSignatureConfirmation addSignatureConfirmation(String str) {
        WSSignatureConfirmation confirmation = new WSSignatureConfirmation(getOwnerDocument());
        confirmation.setValue(str);
        addSignatureConfirmation(confirmation);
        // Re-wrap the inserted child rather than returning the object built above.
        Element inserted = (Element) getFirstChild();
        return new WSSignatureConfirmation(inserted);
    }

    /**
     * Creates one signature confirmation per value returned by {@link #getSignatureValues()}.
     *
     * <p>When there are no signature values, the list holds a single confirmation on which
     * no value has been set.
     *
     * @param document the document in which the confirmations are created
     * @return the new confirmations; never empty
     */
    public List createSignatureConfirmations(Document document) {
        List confirmations = new ArrayList();
        String[] values = getSignatureValues();
        for (int i = 0; i < values.length; i++) {
            WSSignatureConfirmation confirmation = new WSSignatureConfirmation(document);
            confirmation.setValue(values[i]);
            confirmations.add(confirmation);
        }
        if (confirmations.isEmpty()) {
            confirmations.add(new WSSignatureConfirmation(document));
        }
        return confirmations;
    }

    /**
     * Collects the trimmed text of the {@code SignatureValue} of every XML-DSig
     * {@code Signature} element found by {@code getChildElementsByTagNameNS}.
     *
     * @return one string per signature element, in the order the elements were returned
     */
    public String[] getSignatureValues() {
        NodeList signatureNodes = getChildElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", WSSURI.SIGNATURE);
        String[] values = new String[signatureNodes.getLength()];
        int index = 0;
        while (index < signatureNodes.getLength()) {
            XSSignature signature = new XSSignature((Element) signatureNodes.item(index));
            values[index] = XMLUtils.collectText(signature.getSignatureValue().getNode()).trim();
            index++;
        }
        return values;
    }

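    /**
     * Checks the {@code SignatureConfirmation} elements of this header against the
     * signature values the caller expects to see confirmed.
     *
     * <p>With no expected values, exactly one confirmation with an empty value must be
     * present. Otherwise the confirmations must match the expected values one for one:
     * same count, and each expected value is consumed by at most one confirmation. A
     * confirmation repeated in place of a missing one is therefore rejected, which a plain
     * membership test combined with a count check would let through.
     *
     * @param strArr expected signature values; {@code null} is treated as an empty array
     * @return {@code true} only when the confirmations match the expected values exactly
     */
    public boolean verifySignatureConfirmations(String[] strArr) {
        String[] expected = strArr == null ? new String[0] : strArr;
        NodeList confirmations = getChildElementsByTagNameNS(WSSURI.ns_wsse11, WSSURI.SIGNATURE_CONFIRMATION);
        int present = confirmations.getLength();
        if (expected.length == 0) {
            // Constant-first equals so a confirmation without a value fails instead of throwing.
            return present == 1 && "".equals(new WSSignatureConfirmation((Element) confirmations.item(0)).getValue());
        }
        if (expected.length != present) {
            return false;
        }
        // Count how often each expected value still has to be confirmed.
        HashMap<Object, Integer> outstanding = new HashMap<Object, Integer>();
        for (String value : expected) {
            if (value == null) {
                // A missing expected value can never be confirmed.
                return false;
            }
            Integer seen = outstanding.get(value);
            outstanding.put(value, seen == null ? 1 : seen + 1);
        }
        for (int i = 0; i < present; i++) {
            Object confirmed = new WSSignatureConfirmation((Element) confirmations.item(i)).getValue();
            Integer remaining = confirmed == null ? null : outstanding.get(confirmed);
            if (remaining == null || remaining == 0) {
                return false;
            }
            outstanding.put(confirmed, remaining - 1);
        }
        return true;
    }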

    /**
     * Builds a security token reference that identifies a certificate by its subject key
     * identifier.
     *
     * @param x509Certificate the certificate whose SKI is read via {@code XMLUtils.getSKI}
     * @return a new reference containing the key identifier
     * @throws IllegalArgumentException if {@code XMLUtils.getSKI} returns {@code null}
     */
    public WSSecurityTokenReference createSTR_X509_SKI(X509Certificate x509Certificate) {
        XMLNode keyIdentifier = new X509KeyIdentifier(getNode().getOwnerDocument(), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier", WSSURI.et_Base64Binary);
        byte[] subjectKeyId = XMLUtils.getSKI(x509Certificate);
        if (subjectKeyId != null) {
            keyIdentifier.setValue(subjectKeyId);
            WSSecurityTokenReference reference = new WSSecurityTokenReference(getNode().getOwnerDocument());
            reference.appendChild(keyIdentifier);
            return reference;
        }
        throw new IllegalArgumentException("NO SKI found");
    }

    /**
     * Builds a security token reference that identifies a certificate by issuer name and
     * serial number.
     *
     * @param x509Certificate the certificate whose issuer principal and serial number are used
     * @return a new reference containing the X509Data element
     */
    public WSSecurityTokenReference createSTR_X509_IssuerSerial(X509Certificate x509Certificate) {
        XMLNode issuerSerialData = KeyUtils.createX509Data(getNode().getOwnerDocument());
        issuerSerialData.addIssuerSerial(x509Certificate.getIssuerX500Principal(), x509Certificate.getSerialNumber());
        WSSecurityTokenReference reference = new WSSecurityTokenReference(getNode().getOwnerDocument());
        reference.appendChild(issuerSerialData);
        return reference;
    }

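    /**
     * Builds a security token reference that identifies a certificate by the SHA-1 digest
     * of its encoded form.
     *
     * <p>SHA-1 is fixed by the ThumbprintSHA1 value type used below. The thumbprint only
     * names a certificate; the certificate it selects still needs its own validation.
     *
     * @param x509Certificate the certificate to fingerprint
     * @return a new reference containing the thumbprint key identifier
     * @throws IllegalArgumentException if the certificate cannot be encoded
     * @throws IllegalStateException if no SHA-1 digest is available, instead of emitting a
     *         key identifier without a value
     */
    public WSSecurityTokenReference createSTR_X509_ThumbprintSHA1(X509Certificate x509Certificate) {
        byte[] thumbprint;
        try {
            thumbprint = MessageDigest.getInstance("SHA-1").digest(x509Certificate.getEncoded());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-1 MessageDigest is not available", e);
        } catch (CertificateEncodingException e2) {
            throw new IllegalArgumentException("Can't get certificate bytes", e2);
        }
        XMLNode wSSKeyIdentifier = new WSSKeyIdentifier(getNode().getOwnerDocument(), "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1", WSSURI.et_Base64Binary);
        wSSKeyIdentifier.setValue(thumbprint);
        WSSecurityTokenReference wSSecurityTokenReference = new WSSecurityTokenReference(getNode().getOwnerDocument());
        wSSecurityTokenReference.appendChild(wSSKeyIdentifier);
        return wSSecurityTokenReference;
    }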

    /**
     * Builds a security token reference that wraps a {@code WSSReference} created from {@code str}.
     *
     * @param str the value passed to the {@code WSSReference} constructor
     * @return a new reference containing that child
     */
    public WSSecurityTokenReference createSTR_X509_Ref(String str) {
        XMLNode directReference = new WSSReference(getNode().getOwnerDocument(), str);
        WSSecurityTokenReference tokenReference = new WSSecurityTokenReference(getNode().getOwnerDocument());
        tokenReference.appendChild(directReference);
        return tokenReference;
    }

    /**
     * Creates an X.509 binary security token holding a single certificate.
     *
     * @param x509Certificate the certificate stored in the token
     * @return the new token, created in the owner document of this object's node
     * @throws CertificateEncodingException as declared; presumably raised by {@code setToken}
     */
    public X509BinarySecurityToken createBST_X509(X509Certificate x509Certificate) throws CertificateEncodingException {
        X509BinarySecurityToken token = new X509BinarySecurityToken(getNode().getOwnerDocument());
        token.setToken(x509Certificate);
        return token;
    }

    /**
     * Creates an X.509 binary security token holding a certificate path.
     *
     * @param certPath the certificate path stored in the token
     * @return the new token, created in the owner document of this object's node
     * @throws CertificateEncodingException as declared; presumably raised by {@code setToken}
     */
    public X509BinarySecurityToken createBST_X509(CertPath certPath) throws CertificateEncodingException {
        X509BinarySecurityToken token = new X509BinarySecurityToken(getNode().getOwnerDocument());
        token.setToken(certPath);
        return token;
    }

    /**
     * Creates a Kerberos binary security token with Base64Binary encoding type.
     *
     * @param bArr the token bytes set as the value
     * @param str second constructor argument of the token; presumably its value type - TODO confirm
     * @return the new token
     */
    public KerberosBinarySecurityToken createBST_Kerberos(byte[] bArr, String str) {
        KerberosBinarySecurityToken token = new KerberosBinarySecurityToken(getOwnerDocument(), str, WSSURI.et_Base64Binary);
        token.setValue(bArr);
        return token;
    }

    /**
     * Builds a security token reference whose {@code WSSReference} child carries the
     * username-token value type.
     *
     * @param str the value passed to the {@code WSSReference} constructor
     * @return a new reference containing that child
     */
    public WSSecurityTokenReference createSTR_Username_Ref(String str) {
        XMLNode usernameReference = new WSSReference(getNode().getOwnerDocument(), str);
        usernameReference.setValueType(WSSURI.vt_token_username);
        WSSecurityTokenReference tokenReference = new WSSecurityTokenReference(getNode().getOwnerDocument());
        tokenReference.appendChild(usernameReference);
        return tokenReference;
    }

    /**
     * Builds a security token reference with the SAML 1.1 token type that points at an
     * assertion by key identifier.
     *
     * @param bArr the bytes passed to the {@code SAMLAssertionKeyIdentifier} constructor
     * @return a new reference containing the key identifier
     */
    public WSSecurityTokenReference createSTR_SAML_AssertionIdv11(byte[] bArr) {
        XMLNode assertionId = new SAMLAssertionKeyIdentifier(getNode().getOwnerDocument(), bArr);
        WSSecurityTokenReference tokenReference = new WSSecurityTokenReference(getNode().getOwnerDocument());
        tokenReference.setTokenType(WSSURI.tt_saml_v11);
        tokenReference.appendChild(assertionId);
        return tokenReference;
    }

    /**
     * Builds a security token reference with the SAML 1.1 token type whose key identifier
     * also carries an authority binding.
     *
     * @param bArr the bytes passed to the {@code SAMLAssertionKeyIdentifier} constructor
     * @param authorityBinding the binding set on the key identifier
     * @return a new reference containing the key identifier
     */
    public WSSecurityTokenReference createSTR_SAML_AssertionIdv11(byte[] bArr, AuthorityBinding authorityBinding) {
        XMLNode assertionId = new SAMLAssertionKeyIdentifier(getNode().getOwnerDocument(), bArr);
        assertionId.setAuthorityBinding(authorityBinding);
        WSSecurityTokenReference tokenReference = new WSSecurityTokenReference(getNode().getOwnerDocument());
        tokenReference.setTokenType(WSSURI.tt_saml_v11);
        tokenReference.appendChild(assertionId);
        return tokenReference;
    }

    /**
     * Builds a security token reference with the SAML 2.0 token type that points at an
     * assertion by key identifier.
     *
     * @param bArr the bytes passed to the {@code SAML2AssertionKeyIdentifier} constructor
     * @return a new reference containing the key identifier
     */
    public WSSecurityTokenReference createSTR_SAML_AssertionIdv20(byte[] bArr) {
        XMLNode assertionId = new SAML2AssertionKeyIdentifier(getNode().getOwnerDocument(), bArr);
        WSSecurityTokenReference tokenReference = new WSSecurityTokenReference(getNode().getOwnerDocument());
        tokenReference.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
        tokenReference.appendChild(assertionId);
        return tokenReference;
    }

    /**
     * Builds a security token reference with the SAML 2.0 token type that wraps a
     * {@code WSSReference} created from {@code str}.
     *
     * @param str the value passed to the {@code WSSReference} constructor
     * @return a new reference containing that child
     */
    public WSSecurityTokenReference createSTR_SAML_Assertion_Ref20(String str) {
        XMLNode directReference = new WSSReference(getNode().getOwnerDocument(), str);
        WSSecurityTokenReference tokenReference = new WSSecurityTokenReference(getNode().getOwnerDocument());
        tokenReference.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
        tokenReference.appendChild(directReference);
        return tokenReference;
    }

    /**
     * Builds a security token reference that wraps a {@code WSSReference} created from
     * {@code str}; no token type is set.
     *
     * @param str the value passed to the {@code WSSReference} constructor
     * @return a new reference containing that child
     */
    public WSSecurityTokenReference createSTR_EncKeyRef(String str) {
        XMLNode directReference = new WSSReference(getNode().getOwnerDocument(), str);
        WSSecurityTokenReference tokenReference = new WSSecurityTokenReference(getNode().getOwnerDocument());
        tokenReference.appendChild(directReference);
        return tokenReference;
    }

    /**
     * Builds a security token reference with a caller-chosen token type that wraps a
     * {@code WSSReference} created from {@code str}.
     *
     * @param str the value passed to the {@code WSSReference} constructor
     * @param str2 the token type set on the reference
     * @return a new reference containing that child
     */
    public WSSecurityTokenReference createSTR_KerberosKeyRef(String str, String str2) {
        XMLNode directReference = new WSSReference(getOwnerDocument(), str);
        WSSecurityTokenReference tokenReference = new WSSecurityTokenReference(getOwnerDocument());
        tokenReference.setTokenType(str2);
        tokenReference.appendChild(directReference);
        return tokenReference;
    }

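    /**
     * Builds a security token reference whose key identifier is the SHA-1 digest of the
     * supplied bytes, Base64Binary-encoded, with the Kerberos v5 AP-REQ SHA-1 value type.
     *
     * @param bArr the bytes to digest
     * @param str the token type set on the reference
     * @return a new reference containing the key identifier
     * @throws IllegalStateException if no SHA-1 digest is available, instead of returning
     *         a reference whose key identifier has no value
     */
    public WSSecurityTokenReference createSTR_KerberosKeyIdSHA1(byte[] bArr, String str) {
        XMLNode kerberosKeyIdentifier = new KerberosKeyIdentifier(getOwnerDocument());
        kerberosKeyIdentifier.setValueType(WSSURI.vt_Kerberosv5APREQSHA1);
        kerberosKeyIdentifier.setEncodingType(WSSURI.et_Base64Binary);
        try {
            kerberosKeyIdentifier.setValue(MessageDigest.getInstance("SHA-1").digest(bArr));
        } catch (NoSuchAlgorithmException e) {
            // An identifier without a value would name nothing, so fail loudly.
            throw new IllegalStateException("SHA-1 MessageDigest is not available", e);
        }
        WSSecurityTokenReference wSSecurityTokenReference = new WSSecurityTokenReference(getOwnerDocument());
        wSSecurityTokenReference.setTokenType(str);
        wSSecurityTokenReference.appendChild(kerberosKeyIdentifier);
        return wSSecurityTokenReference;
    }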

    /**
     * Computes the SHA-1 digest of the cipher value of an {@code EncryptedKey}.
     *
     * @param xEEncryptedKey the encrypted key whose cipher value is digested
     * @return the digest bytes, or {@code null} if no SHA-1 digest is available; callers
     *         must handle the {@code null} case
     */
    public static byte[] computeEncKeySHA1(XEEncryptedKey xEEncryptedKey) {
        MessageDigest sha1;
        try {
            sha1 = MessageDigest.getInstance("SHA-1");
        } catch (NoSuchAlgorithmException unavailable) {
            return null;
        }
        return sha1.digest(xEEncryptedKey.getCipherData().getCipherValue());
    }

    /**
     * Builds a security token reference with the EncryptedKey token type whose key
     * identifier uses the EncryptedKeySHA1 value type.
     *
     * @param bArr the identifier bytes set as the value; not digested here, see
     *        {@link #computeEncKeySHA1(XEEncryptedKey)}
     * @return a new reference containing the key identifier
     */
    public WSSecurityTokenReference createSTR_EncKeySHA1(byte[] bArr) {
        XMLNode encryptedKeyId = new WSSEncryptedKeyIdentifier(getNode().getOwnerDocument(), "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1", WSSURI.et_Base64Binary);
        encryptedKeyId.setValue(bArr);
        WSSecurityTokenReference tokenReference = new WSSecurityTokenReference(getNode().getOwnerDocument());
        tokenReference.setTokenType(WSSURI.tt_EncryptedKey);
        tokenReference.appendChild(encryptedKeyId);
        return tokenReference;
    }

    // Calls WSSInitializer.initialize() once, when this class is initialized.
    static {
        WSSInitializer.initialize();
    }
}
