package org.apache.cxf.ws.security.wss4j.policyhandlers;

import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.crypto.SecretKey;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.cxf.ws.security.wss4j.TokenStoreCallbackHandler;
import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
import org.apache.wss4j.policy.model.AbstractToken;
import org.apache.wss4j.policy.model.AbstractTokenWrapper;
import org.apache.wss4j.policy.model.AlgorithmSuite;
import org.apache.wss4j.policy.model.IssuedToken;
import org.apache.wss4j.policy.model.KerberosToken;
import org.apache.wss4j.policy.model.SecureConversationToken;
import org.apache.wss4j.policy.model.SecurityContextToken;
import org.apache.wss4j.policy.model.SpnegoContextToken;
import org.apache.wss4j.policy.model.SymmetricBinding;
import org.apache.wss4j.policy.model.UsernameToken;
import org.apache.wss4j.policy.model.X509Token;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.OutboundSecurityContext;
import org.apache.xml.security.stax.ext.SecurePart;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-439.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-ws-security-3.1.5.redhat-630439.jar:org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.class */
/**
 * Applies a WS-SecurityPolicy {@link SymmetricBinding} to a SOAP message for the streaming (StAX)
 * WSS4J stack by translating the policy into {@link WSSSecurityProperties} settings: actions,
 * signed/encrypted parts, key identifiers and algorithms.
 *
 * <p>Most helpers called here (assertPolicy, getSignedParts, configureSignature, ...) are inherited
 * and not visible in this file; comments only describe what this class does with them.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing or changing this class:
 * <ul>
 *   <li>The order in which actions and properties are set encodes the protection order
 *       (encrypt-before-sign vs. sign-before-encrypt); reordering statements can change the
 *       resulting message protection.</li>
 *   <li>Several paths return early or skip work silently (no token, no parts); enforcement that the
 *       policy was actually satisfied must come from the assert/unassert bookkeeping.</li>
 *   <li>Freshly generated symmetric keys are placed, in raw form, into the token store.</li>
 * </ul>
 */
public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler {
    // The symmetric binding policy being applied.
    private SymmetricBinding sbinding;
    // The SOAP message being secured; also used to reach the token store and contextual properties.
    private SoapMessage message;

    /**
     * Creates a handler for one message/binding pair. All four arguments are passed to the
     * superclass; the message and binding are additionally kept locally.
     */
    public StaxSymmetricBindingHandler(WSSSecurityProperties wSSSecurityProperties, SoapMessage soapMessage, SymmetricBinding symmetricBinding, OutboundSecurityContext outboundSecurityContext) {
        super(wSSSecurityProperties, soapMessage, symmetricBinding, outboundSecurityContext);
        this.message = soapMessage;
        this.sbinding = symmetricBinding;
    }

    /**
     * Returns the token wrapper used for signing: the binding's ProtectionToken when one is
     * configured, otherwise its SignatureToken (which may be null).
     */
    private AbstractTokenWrapper getSignatureToken() {
        return this.sbinding.getProtectionToken() != null ? this.sbinding.getProtectionToken() : this.sbinding.getSignatureToken();
    }

    /**
     * Returns the token wrapper used for encryption: the binding's ProtectionToken when one is
     * configured, otherwise its EncryptionToken (which may be null).
     */
    private AbstractTokenWrapper getEncryptionToken() {
        return this.sbinding.getProtectionToken() != null ? this.sbinding.getProtectionToken() : this.sbinding.getEncryptionToken();
    }

    /**
     * Entry point: configures the security properties for this binding and records which policy
     * assertions were handled.
     *
     * @throws Fault if signing/encryption configuration fails (raised by the two protection-order
     *     helpers)
     */
    public void handleBinding() {
        AssertionInfoMap assertionInfoMap = (AssertionInfoMap) getMessage().get(AssertionInfoMap.class);
        configureTimestamp(assertionInfoMap);
        assertPolicy(this.sbinding.getName());
        // Message-context properties may override the signature algorithms of the policy's
        // algorithm suite. The binding's AlgorithmSuite object itself is mutated.
        // NOTE(review): the override values are applied as-is here; any allow-listing of algorithm
        // URIs (e.g. rejecting weak algorithms) would have to happen elsewhere - confirm.
        String str = (String) getMessage().getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
        if (str != null && this.sbinding.getAlgorithmSuite() != null) {
            this.sbinding.getAlgorithmSuite().setAsymmetricSignature(str);
        }
        String str2 = (String) getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
        if (str2 != null && this.sbinding.getAlgorithmSuite() != null) {
            this.sbinding.getAlgorithmSuite().setSymmetricSignature(str2);
        }
        WSSSecurityProperties properties = getProperties();
        // Wrap the configured callback handler together with this message's token store
        // (presumably so keys of stored tokens can be resolved through callbacks - confirm).
        properties.setCallbackHandler(new TokenStoreCallbackHandler(properties.getCallbackHandler(), TokenStoreUtils.getTokenStore(this.message)));
        // Dispatch on the policy's protection order; anything other than EncryptBeforeSigning is
        // treated as sign-before-encrypt.
        if (this.sbinding.getProtectionOrder() == AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning) {
            doEncryptBeforeSign();
            assertPolicy(new QName(this.sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_BEFORE_SIGNING));
        } else {
            doSignBeforeEncrypt();
            assertPolicy(new QName(this.sbinding.getName().getNamespaceURI(), SPConstants.SIGN_BEFORE_ENCRYPTING));
        }
        // On the non-requestor side the symmetric encryption key is never wrapped again,
        // regardless of what the helpers above configured.
        if (!isRequestor()) {
            properties.setEncryptSymmetricEncryptionKey(false);
        }
        configureLayout(assertionInfoMap);
        assertAlgorithmSuite(this.sbinding.getAlgorithmSuite());
        assertWSSProperties(this.sbinding.getName().getNamespaceURI());
        assertTrustProperties(this.sbinding.getName().getNamespaceURI());
        // NOTE(review): OnlySignEntireHeadersAndBody is asserted unconditionally; no check of the
        // actual signed parts is visible in this method - confirm it is enforced elsewhere.
        assertPolicy(new QName(this.sbinding.getName().getNamespaceURI(), SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
        if (this.sbinding.isProtectTokens()) {
            assertPolicy(new QName(this.sbinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
        }
    }

    /**
     * Configures encryption first and the signature second (EncryptBeforeSigning).
     *
     * <p>Resolves the security token backing the encryption token, configures encryption of the
     * encrypted parts, then configures the signature over the signed parts with the same security
     * token.
     *
     * @throws Fault wrapping any checked exception; runtime exceptions propagate unchanged
     */
    private void doEncryptBeforeSign() {
        AbstractTokenWrapper signatureToken;
        try {
            AbstractTokenWrapper encryptionToken = getEncryptionToken();
            assertTokenWrapper(encryptionToken);
            AbstractToken token = encryptionToken.getToken();
            // str: id/reference of a token placed in the token store; securityToken: the resolved token.
            String str = null;
            SecurityToken securityToken = null;
            if (token instanceof KerberosToken) {
                securityToken = getSecurityToken();
                if (MessageUtils.isRequestor(this.message)) {
                    addKerberosToken((KerberosToken) token, false, true, true);
                }
            } else if (token instanceof IssuedToken) {
                securityToken = getSecurityToken();
                addIssuedToken((IssuedToken) token, securityToken, false, true);
                // Responder without a cached token: fall back to the SAML token seen on the inbound message.
                if (securityToken == null && !isRequestor()) {
                    str = WSS4JUtils.parseAndStoreStreamingSecurityToken(findInboundSecurityToken(WSSecurityEventConstants.SAML_TOKEN), this.message);
                }
            } else if ((token instanceof SecureConversationToken) || (token instanceof SecurityContextToken) || (token instanceof SpnegoContextToken)) {
                securityToken = getSecurityToken();
                if (securityToken != null && isRequestor()) {
                    getProperties().addAction(WSSConstants.CUSTOM_TOKEN);
                } else if (securityToken == null && !isRequestor()) {
                    // Responder: reuse the security context token from the inbound message.
                    str = WSS4JUtils.parseAndStoreStreamingSecurityToken(findInboundSecurityToken(WSSecurityEventConstants.SECURITY_CONTEXT_TOKEN), this.message);
                }
            } else if (token instanceof X509Token) {
                // Requestor generates a fresh symmetric key; responder reuses the key that protected the request.
                str = isRequestor() ? setupEncryptedKey(encryptionToken, token) : WSS4JUtils.parseAndStoreStreamingSecurityToken(findEncryptedKeyToken(), this.message);
            } else if (token instanceof UsernameToken) {
                // Not supported: mark the binding as not asserted and configure nothing.
                unassertPolicy(this.sbinding, "UsernameTokens not supported with Symmetric binding");
                return;
            }
            assertToken(token);
            // NOTE(review): unlike doSignBeforeEncrypt there is no guard here for a null/empty
            // token id, and the id is passed through XMLUtils.getIDFromReference before the lookup
            // (the other method looks up str directly). Confirm that a missing token fails closed
            // in storeSecurityToken/doSignature rather than producing an unprotected message.
            if (securityToken == null) {
                securityToken = TokenStoreUtils.getTokenStore(this.message).getToken(XMLUtils.getIDFromReference(str));
            }
            // Stored in every case except requestor + Kerberos token.
            if (!MessageUtils.isRequestor(this.message) || !(token instanceof KerberosToken)) {
                storeSecurityToken(token, securityToken);
            }
            try {
                // Both part lists are computed before any encryption is configured.
                List<SecurePart> encryptedParts = getEncryptedParts();
                List<SecurePart> signedParts = getSignedParts();
                addSupportingTokens();
                // Encryption (including EncryptSignature handling) is configured only when there
                // is at least one part to encrypt.
                if (token != null && encryptedParts.size() > 0) {
                    if (isRequestor()) {
                        encryptedParts.addAll(this.encryptedTokensList);
                    }
                    if (this.sbinding.isEncryptSignature()) {
                        // EncryptSignature: the ds:Signature element (and SignatureConfirmation, if one was added) is encrypted too.
                        encryptedParts.add(new SecurePart(new QName("http://www.w3.org/2000/09/xmldsig#", "Signature"), SecurePart.Modifier.Element));
                        if (this.signatureConfirmationAdded) {
                            encryptedParts.add(new SecurePart(WSSConstants.TAG_WSSE11_SIG_CONF, SecurePart.Modifier.Element));
                        }
                        assertPolicy(new QName(this.sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
                    }
                    doEncryption(encryptionToken, encryptedParts, true);
                }
                // The Timestamp is signed whenever one was added.
                if (this.timestampAdded) {
                    signedParts.add(new SecurePart(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Timestamp"), SecurePart.Modifier.Element));
                }
                // NOTE(review): signedParts was initialised from getSignedParts() above, so this
                // appends the result of a second call; whether that yields duplicate entries
                // depends on getSignedParts() - confirm.
                signedParts.addAll(getSignedParts());
                // No signature is configured when there is nothing to sign or no signature token.
                if (signedParts.size() > 0 && (signatureToken = getSignatureToken()) != null) {
                    AbstractToken token2 = signatureToken.getToken();
                    if (isRequestor()) {
                        doSignature(signatureToken, token2, securityToken, signedParts);
                    } else {
                        // Responder: signature confirmation is added to the signed parts first.
                        addSignatureConfirmation(signedParts);
                        doSignature(signatureToken, token2, securityToken, signedParts);
                    }
                }
                removeSignatureIfSignedSAML();
                enforceEncryptBeforeSigningWithSignedSAML();
                prependSignatureToSC();
                putCustomTokenAfterSignature();
            } catch (SOAPException e) {
                throw new Fault((Throwable) e);
            }
        } catch (RuntimeException e2) {
            // Runtime exceptions (including the Fault above) propagate unchanged.
            throw e2;
        } catch (Exception e3) {
            throw new Fault(e3);
        }
    }

    /**
     * Configures the signature first and encryption second (SignBeforeEncrypting; also the
     * fallback for any protection order other than EncryptBeforeSigning).
     *
     * <p>Unasserts the policy and returns without configuring anything when there is no signature
     * token, when the token is a UsernameToken, or when no token id/security token can be found.
     *
     * @throws Fault wrapping any exception raised inside the try block, runtime exceptions included
     */
    private void doSignBeforeEncrypt() {
        AbstractTokenWrapper signatureToken = getSignatureToken();
        assertTokenWrapper(signatureToken);
        AbstractToken token = signatureToken.getToken();
        // str: id of a token placed in the token store; securityToken: the resolved token.
        String str = null;
        SecurityToken securityToken = null;
        try {
            if (token == null) {
                unassertPolicy(this.sbinding, "No signature token");
                return;
            }
            if (token instanceof KerberosToken) {
                securityToken = getSecurityToken();
                if (isRequestor()) {
                    addKerberosToken((KerberosToken) token, false, true, true);
                }
            } else if (token instanceof IssuedToken) {
                securityToken = getSecurityToken();
                addIssuedToken((IssuedToken) token, securityToken, false, true);
                // Responder without a cached token: fall back to the SAML token seen on the inbound message.
                if (securityToken == null && !isRequestor()) {
                    str = WSS4JUtils.parseAndStoreStreamingSecurityToken(findInboundSecurityToken(WSSecurityEventConstants.SAML_TOKEN), this.message);
                }
            } else if ((token instanceof SecureConversationToken) || (token instanceof SecurityContextToken) || (token instanceof SpnegoContextToken)) {
                securityToken = getSecurityToken();
                if (securityToken != null && isRequestor()) {
                    getProperties().addAction(WSSConstants.CUSTOM_TOKEN);
                } else if (securityToken == null && !isRequestor()) {
                    // Responder: reuse the security context token from the inbound message.
                    str = WSS4JUtils.parseAndStoreStreamingSecurityToken(findInboundSecurityToken(WSSecurityEventConstants.SECURITY_CONTEXT_TOKEN), this.message);
                }
            } else if (token instanceof X509Token) {
                // Requestor generates a fresh symmetric key; responder reuses the key that protected the request.
                str = isRequestor() ? setupEncryptedKey(signatureToken, token) : WSS4JUtils.parseAndStoreStreamingSecurityToken(findEncryptedKeyToken(), this.message);
            } else if (token instanceof UsernameToken) {
                // Not supported: mark the binding as not asserted and configure nothing.
                unassertPolicy(this.sbinding, "UsernameTokens not supported with Symmetric binding");
                return;
            }
            assertToken(token);
            // Without a token or an id to look one up there is nothing to sign with: unassert and stop.
            if (securityToken == null && StringUtils.isEmpty(str)) {
                unassertPolicy(signatureToken, "No signature token id");
                return;
            }
            // NOTE(review): the store lookup can still return null here; the code below does not
            // check for that - confirm downstream handling.
            if (securityToken == null) {
                securityToken = TokenStoreUtils.getTokenStore(this.message).getToken(str);
            }
            // Stored in every case except requestor + Kerberos token.
            if (!MessageUtils.isRequestor(this.message) || !(token instanceof KerberosToken)) {
                storeSecurityToken(token, securityToken);
            }
            // Signed parts: Timestamp (if added) + policy-defined parts + signature confirmation on
            // the responder side. The raw ArrayList is presumably a decompiler artifact; the
            // elements added are SecurePart instances.
            ArrayList arrayList = new ArrayList();
            if (this.timestampAdded) {
                arrayList.add(new SecurePart(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Timestamp"), SecurePart.Modifier.Element));
            }
            arrayList.addAll(getSignedParts());
            if (!isRequestor()) {
                addSignatureConfirmation(arrayList);
            }
            // No signature is configured when there is nothing to sign.
            if (!arrayList.isEmpty()) {
                doSignature(signatureToken, token, securityToken, arrayList);
            }
            addSupportingTokens();
            removeSignatureIfSignedSAML();
            prependSignatureToSC();
            List<SecurePart> encryptedParts = getEncryptedParts();
            if (this.sbinding.isEncryptSignature()) {
                // EncryptSignature: the ds:Signature element (and SignatureConfirmation, if one was added) is encrypted too.
                encryptedParts.add(new SecurePart(new QName("http://www.w3.org/2000/09/xmldsig#", "Signature"), SecurePart.Modifier.Element));
                if (this.signatureConfirmationAdded) {
                    encryptedParts.add(new SecurePart(WSSConstants.TAG_WSSE11_SIG_CONF, SecurePart.Modifier.Element));
                }
                assertPolicy(new QName(this.sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
            }
            if (isRequestor()) {
                encryptedParts.addAll(this.encryptedTokensList);
            }
            // doEncryption returns silently when there is no encryption token (see its contract).
            doEncryption(getEncryptionToken(), encryptedParts, false);
            putCustomTokenAfterSignature();
        } catch (Exception e) {
            throw new Fault(e);
        }
    }

    /**
     * Configures the encryption action, parts, key identifiers and algorithms on the security
     * properties.
     *
     * <p>Returns without doing anything - and without reporting an error - when the wrapper or its
     * token is null, so a missing encryption token results in no encryption being configured by
     * this method.
     *
     * @param abstractTokenWrapper the encryption (or protection) token wrapper; may be null
     * @param list the parts to encrypt; appended to the properties' encryption parts
     * @param z not read by this method
     * @throws SOAPException declared, though no statement visible here raises it directly
     */
    private void doEncryption(AbstractTokenWrapper abstractTokenWrapper, List<SecurePart> list, boolean z) throws SOAPException {
        if (abstractTokenWrapper == null || abstractTokenWrapper.getToken() == null) {
            return;
        }
        AbstractToken token = abstractTokenWrapper.getToken();
        AlgorithmSuite algorithmSuite = this.sbinding.getAlgorithmSuite();
        WSSSecurityProperties properties = getProperties();
        XMLSecurityConstants.Action action = WSSConstants.ENCRYPT;
        if (abstractTokenWrapper.getToken().getDerivedKeys() == AbstractToken.DerivedKeys.RequireDerivedKeys) {
            // Policy requires derived keys: encrypt with a key derived from the token's secret.
            action = WSSConstants.ENCRYPT_WITH_DERIVED_KEY;
            if (MessageUtils.isRequestor(this.message) && (abstractTokenWrapper.getToken() instanceof X509Token)) {
                properties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.EncryptedKey);
            } else {
                properties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.DirectReference);
            }
            // Suite length divided by 8 (presumably bits -> bytes - confirm).
            properties.setDerivedEncryptionKeyLength(this.sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryptionDerivedKeyLength() / 8);
        }
        if (abstractTokenWrapper.getVersion() == SPConstants.SPVersion.SP12) {
            properties.setUse200512Namespace(true);
        }
        properties.getEncryptionSecureParts().addAll(list);
        properties.addAction(action);
        // Choose how the message references the encryption key, by role and token type.
        if (isRequestor()) {
            properties.setEncryptionKeyIdentifier(getKeyIdentifierType(token));
            properties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
        } else if ((abstractTokenWrapper.getToken() instanceof KerberosToken) && !isRequestor()) {
            properties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_KERBEROS_SHA1_IDENTIFIER);
            properties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_KERBEROS_SHA1_IDENTIFIER);
            if (abstractTokenWrapper.getToken().getDerivedKeys() == AbstractToken.DerivedKeys.RequireDerivedKeys) {
                properties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
            }
        } else if (((abstractTokenWrapper.getToken() instanceof IssuedToken) || (abstractTokenWrapper.getToken() instanceof SecureConversationToken) || (abstractTokenWrapper.getToken() instanceof SpnegoContextToken)) && !isRequestor()) {
            properties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
        } else {
            // Remaining responder cases: refer to the request's EncryptedKey by its SHA-1
            // identifier (a key reference, not the digest algorithm used for signing).
            properties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER);
            if (abstractTokenWrapper.getToken().getDerivedKeys() == AbstractToken.DerivedKeys.RequireDerivedKeys) {
                properties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER);
                properties.setEncryptionKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
                properties.setEncryptSymmetricEncryptionKey(false);
            }
        }
        // The X.509 token itself is included only when the policy's inclusion value requires it
        // and the chosen key identifier is one of the three listed below.
        SecurityTokenConstants.KeyIdentifier encryptionKeyIdentifier = properties.getEncryptionKeyIdentifier();
        if ((token instanceof X509Token) && isTokenRequired(token.getIncludeTokenType()) && (WSSecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(encryptionKeyIdentifier) || WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER.equals(encryptionKeyIdentifier) || WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE.equals(encryptionKeyIdentifier))) {
            properties.setIncludeEncryptionToken(true);
        } else {
            properties.setIncludeEncryptionToken(false);
        }
        // Key-wrap and symmetric encryption algorithms always come from the policy's algorithm suite.
        properties.setEncryptionKeyTransportAlgorithm(algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap());
        properties.setEncryptionSymAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
        // Encryption user: ENCRYPT_USERNAME, falling back to USERNAME; an already configured
        // encryption user is not overwritten.
        String str = (String) SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.ENCRYPT_USERNAME, this.message);
        if (str == null) {
            str = (String) SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.USERNAME, this.message);
        }
        if (str != null && properties.getEncryptionUser() == null) {
            properties.setEncryptionUser(str);
        }
        // The special user name USE_REQ_SIG_CERT selects the request's signing certificate for encryption.
        if (ConfigurationConstants.USE_REQ_SIG_CERT.equals(str)) {
            properties.setUseReqSigCertForEncryption(true);
        }
        // For these token types the symmetric key is never wrapped into an EncryptedKey.
        if ((token instanceof KerberosToken) || (token instanceof IssuedToken) || (token instanceof SpnegoContextToken) || (token instanceof SecurityContextToken) || (token instanceof SecureConversationToken)) {
            properties.setEncryptSymmetricEncryptionKey(false);
        }
    }

    /**
     * Configures the signature action, signed parts and key identifiers on the security
     * properties.
     *
     * @param abstractTokenWrapper the signature (or protection) token wrapper; must be non-null
     * @param abstractToken the token used to pick key identifiers; callers in this class pass the
     *     wrapper's own token
     * @param securityToken not read by this method
     * @param list the parts to sign; appended to the properties' signature parts
     * @throws WSSecurityException declared; presumably raised by inherited helpers - confirm
     * @throws SOAPException declared; presumably raised by inherited helpers - confirm
     */
    private void doSignature(AbstractTokenWrapper abstractTokenWrapper, AbstractToken abstractToken, SecurityToken securityToken, List<SecurePart> list) throws WSSecurityException, SOAPException {
        WSSSecurityProperties properties = getProperties();
        XMLSecurityConstants.Action action = WSSConstants.SIGNATURE;
        if (abstractTokenWrapper.getToken().getDerivedKeys() == AbstractToken.DerivedKeys.RequireDerivedKeys) {
            // Policy requires derived keys: sign with a key derived from the token's secret.
            action = WSSConstants.SIGNATURE_WITH_DERIVED_KEY;
            if (MessageUtils.isRequestor(this.message) && (abstractToken instanceof X509Token)) {
                properties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.EncryptedKey);
            } else {
                properties.setDerivedKeyTokenReference(WSSConstants.DerivedKeyTokenReference.DirectReference);
            }
            // Suite length divided by 8 (presumably bits -> bytes - confirm).
            properties.setDerivedSignatureKeyLength(this.sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getSignatureDerivedKeyLength() / 8);
        }
        if (abstractToken.getVersion() == SPConstants.SPVersion.SP12) {
            properties.setUse200512Namespace(true);
        }
        // Insert the signature action immediately before the first KERBEROS_TOKEN action if one
        // is present; otherwise append it. Action order is significant, so keep this as is.
        List<XMLSecurityConstants.Action> actions = properties.getActions();
        boolean z = false;
        int i = 0;
        while (true) {
            if (i >= actions.size()) {
                break;
            }
            if (actions.get(i).equals(WSSConstants.KERBEROS_TOKEN)) {
                actions.add(i, action);
                z = true;
                break;
            }
            i++;
        }
        if (!z) {
            actions.add(action);
        }
        properties.getSignatureSecureParts().addAll(list);
        AbstractToken token = abstractTokenWrapper.getToken();
        // ProtectTokens with an X.509 token on the requestor side: the EncryptedKey element is signed as well.
        if (this.sbinding.isProtectTokens() && (token instanceof X509Token) && isRequestor()) {
            properties.addSignaturePart(new SecurePart(new QName("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey"), SecurePart.Modifier.Element));
        }
        configureSignature(token, false);
        // Choose how the message references the signing key, by token type and role.
        if (abstractToken instanceof X509Token) {
            properties.setIncludeSignatureToken(false);
            if (isRequestor()) {
                properties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KeyIdentifier_EncryptedKey);
            } else {
                // Responder: refer to the request's EncryptedKey by its SHA-1 identifier.
                properties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER);
                if (abstractTokenWrapper.getToken().getDerivedKeys() == AbstractToken.DerivedKeys.RequireDerivedKeys) {
                    properties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER);
                    properties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
                }
            }
        } else if (abstractToken instanceof KerberosToken) {
            if (isRequestor()) {
                properties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
            } else {
                if (abstractTokenWrapper.getToken().getDerivedKeys() == AbstractToken.DerivedKeys.RequireDerivedKeys) {
                    properties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
                } else {
                    properties.setSignatureKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_KERBEROS_SHA1_IDENTIFIER);
                }
                properties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_KERBEROS_SHA1_IDENTIFIER);
            }
        } else if ((abstractToken instanceof IssuedToken) || (abstractToken instanceof SecurityContextToken) || (abstractToken instanceof SecureConversationToken) || (abstractToken instanceof SpnegoContextToken)) {
            // The signature token is included in the message only on the requestor side.
            if (isRequestor()) {
                properties.setIncludeSignatureToken(true);
            } else {
                properties.setIncludeSignatureToken(false);
            }
            properties.setDerivedKeyKeyIdentifier(WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE);
        }
        // The suite's symmetric signature algorithm is set here only when derived keys are
        // required; otherwise whatever configureSignature chose stands (not visible here).
        if (token.getDerivedKeys() == AbstractToken.DerivedKeys.RequireDerivedKeys) {
            properties.setSignatureAlgorithm(this.sbinding.getAlgorithmSuite().getSymmetricSignature());
        }
    }

    /**
     * Generates a fresh symmetric key for the binding's encryption algorithm, wraps it in a new
     * {@link SecurityToken} and adds that token to the message's token store.
     *
     * <p>The token is created with a lifetime of 300000 ms (5 minutes) from now. Both the key
     * object and its raw encoded bytes are stored on the token, so the token store holds secret
     * key material and needs to be protected accordingly.
     *
     * @param abstractTokenWrapper not read by this method
     * @param abstractToken not read by this method
     * @return the id of the newly stored token
     * @throws WSSecurityException if the key generator cannot be obtained (raised by KeyUtils)
     */
    private String setupEncryptedKey(AbstractTokenWrapper abstractTokenWrapper, AbstractToken abstractToken) throws WSSecurityException {
        Date date = new Date();
        Date date2 = new Date();
        // Expiry = creation time + 5 minutes (hard-coded).
        date2.setTime(date.getTime() + 300000);
        SecurityToken securityToken = new SecurityToken(IDGenerator.generateID(null), date, date2);
        SecretKey generateKey = KeyUtils.getKeyGenerator(this.sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption()).generateKey();
        securityToken.setKey(generateKey);
        securityToken.setSecret(generateKey.getEncoded());
        TokenStoreUtils.getTokenStore(this.message).add(securityToken);
        return securityToken.getId();
    }

    /**
     * Finds the symmetric key token that protected the inbound message, using the security events
     * stored on the exchange under {@code SecurityEvent.class.getName() + ".in"}.
     *
     * <p>Encrypted part/element events are searched first, then signed part/element events. For
     * each matching event the key-wrapping token is preferred; a token is accepted only if it has
     * both a secret key and a SHA-1 identifier.
     *
     * @return the matching token, or null when there are no inbound events or none qualifies
     * @throws XMLSecurityException if reading a token's key or identifier fails
     */
    private org.apache.xml.security.stax.securityToken.SecurityToken findEncryptedKeyToken() throws XMLSecurityException {
        // Unchecked cast: the exchange entry is assumed to be a List<SecurityEvent>.
        List<SecurityEvent> list = (List) this.message.getExchange().get(SecurityEvent.class.getName() + ".in");
        if (list == null) {
            return null;
        }
        // Pass 1: tokens that decrypted something in the request.
        for (SecurityEvent securityEvent : list) {
            if (WSSecurityEventConstants.ENCRYPTED_PART == securityEvent.getSecurityEventType() || WSSecurityEventConstants.EncryptedElement == securityEvent.getSecurityEventType()) {
                org.apache.xml.security.stax.securityToken.SecurityToken securityToken = ((AbstractSecuredElementSecurityEvent) securityEvent).getSecurityToken();
                if (securityToken != null && securityToken.getKeyWrappingToken() != null && securityToken.getKeyWrappingToken().getSecretKey() != null && securityToken.getKeyWrappingToken().getSha1Identifier() != null) {
                    return securityToken.getKeyWrappingToken();
                }
                if (securityToken != null && securityToken.getSecretKey() != null && securityToken.getSha1Identifier() != null) {
                    return securityToken;
                }
            }
        }
        // Pass 2: tokens that verified a signature in the request.
        for (SecurityEvent securityEvent2 : list) {
            if (WSSecurityEventConstants.SIGNED_PART == securityEvent2.getSecurityEventType() || WSSecurityEventConstants.SignedElement == securityEvent2.getSecurityEventType()) {
                org.apache.xml.security.stax.securityToken.SecurityToken securityToken2 = ((AbstractSecuredElementSecurityEvent) securityEvent2).getSecurityToken();
                if (securityToken2 != null && securityToken2.getKeyWrappingToken() != null && securityToken2.getKeyWrappingToken().getSecretKey() != null && securityToken2.getKeyWrappingToken().getSha1Identifier() != null) {
                    return securityToken2.getKeyWrappingToken();
                }
                if (securityToken2 != null && securityToken2.getSecretKey() != null && securityToken2.getSha1Identifier() != null) {
                    return securityToken2;
                }
            }
        }
        return null;
    }
}
