package org.apache.cxf.ws.security.wss4j.policyhandlers;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Calendar;
import java.util.Iterator;
import java.util.Vector;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPPart;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP11Constants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Token;
import org.apache.cxf.ws.security.policy.model.TokenWrapper;
import org.apache.cxf.ws.security.policy.model.X509Token;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.WSSecBase;
import org.apache.ws.security.message.WSSecDKEncrypt;
import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.Base64;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.class */
public class SymmetricBindingHandler extends AbstractBindingBuilder {
    SymmetricBinding sbinding;
    TokenStore tokenStore;

    public SymmetricBindingHandler(SymmetricBinding symmetricBinding, SOAPMessage sOAPMessage, WSSecHeader wSSecHeader, AssertionInfoMap assertionInfoMap, SoapMessage soapMessage) {
        super(symmetricBinding, sOAPMessage, wSSecHeader, assertionInfoMap, soapMessage);
        this.sbinding = symmetricBinding;
        this.tokenStore = getTokenStore();
        this.protectionOrder = symmetricBinding.getProtectionOrder();
    }

    private TokenWrapper getSignatureToken() {
        return this.sbinding.getProtectionToken() != null ? this.sbinding.getProtectionToken() : this.sbinding.getSignatureToken();
    }

    private TokenWrapper getEncryptionToken() {
        return this.sbinding.getProtectionToken() != null ? this.sbinding.getProtectionToken() : this.sbinding.getEncryptionToken();
    }

    public void handleBinding() {
        handleLayout(createTimestamp());
        if (isRequestor()) {
            initializeTokens();
        }
        if (this.sbinding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning) {
            doEncryptBeforeSign();
        } else {
            doSignBeforeEncrypt();
        }
        policyAsserted(SP11Constants.TRUST_10);
        policyAsserted(SP12Constants.TRUST_13);
    }

    private void initializeTokens() {
        Token token = getSignatureToken().getToken();
        if (!(token instanceof IssuedToken) && (token instanceof SecureConversationToken)) {
        }
    }

    private void doEncryptBeforeSign() {
        try {
            TokenWrapper encryptionToken = getEncryptionToken();
            Token token = encryptionToken.getToken();
            Vector<WSEncryptionPart> encryptedParts = getEncryptedParts();
            Vector<WSEncryptionPart> signedParts = getSignedParts();
            if (token != null || encryptedParts.size() > 0) {
            }
            if (token != null && encryptedParts.size() > 0) {
                String str = null;
                SecurityToken securityToken = null;
                if (token instanceof IssuedToken) {
                    securityToken = getSecurityToken();
                } else if (token instanceof SecureConversationToken) {
                    securityToken = getSecurityToken();
                } else if (token instanceof X509Token) {
                    str = isRequestor() ? setupEncryptedKey(encryptionToken, token) : getEncryptedKey();
                }
                if (securityToken == null) {
                    if (str == null || str.length() != 0) {
                    }
                    if (str.startsWith("#")) {
                        str = str.substring(1);
                    }
                    securityToken = this.tokenStore.getToken(str);
                }
                boolean z = false;
                if (SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == token.getInclusion() || SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == token.getInclusion() || (isRequestor() && SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == token.getInclusion())) {
                    addEncyptedKeyElement(cloneElement(securityToken.getToken()));
                    z = true;
                } else if ((token instanceof X509Token) && isRequestor()) {
                    addEncyptedKeyElement(cloneElement(securityToken.getToken()));
                    z = true;
                }
                WSSecDKEncrypt doEncryption = doEncryption(encryptionToken, securityToken, z, encryptedParts, true);
                handleEncryptedSignedHeaders(encryptedParts, signedParts);
                if (this.timestampEl != null) {
                    signedParts.add(new WSEncryptionPart(addWsuIdToElement(this.timestampEl.getElement())));
                }
                if (isRequestor()) {
                    addSupportingTokens(signedParts);
                } else {
                    addSignatureConfirmation(signedParts);
                }
                if (signedParts.size() > 0) {
                    this.signatures.add(doSignature(signedParts, encryptionToken, token, securityToken, z));
                }
                if (isRequestor()) {
                    doEndorse();
                }
                if ((this.sbinding.isSignatureProtection() && this.mainSigId != null) || (this.encryptedTokensIdList.size() > 0 && isRequestor())) {
                    Vector vector = new Vector();
                    if (this.sbinding.isSignatureProtection()) {
                        vector.add(new WSEncryptionPart(this.mainSigId, "Element"));
                    }
                    if (isRequestor()) {
                        Iterator<String> it = this.encryptedTokensIdList.iterator();
                        while (it.hasNext()) {
                            vector.add(new WSEncryptionPart(it.next(), "Element"));
                        }
                    }
                    if (token.isDerivedKeys()) {
                        addDerivedKeyElement(doEncryption.encryptForExternalRef((Element) null, vector));
                    } else {
                        addDerivedKeyElement(((WSSecEncrypt) doEncryption).encryptForExternalRef((Element) null, encryptedParts));
                    }
                }
            }
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e2) {
            throw new Fault(e2);
        }
    }

    private void doSignBeforeEncrypt() {
        SecurityToken token;
        TokenWrapper signatureToken = getSignatureToken();
        Token token2 = signatureToken.getToken();
        String str = null;
        Element element = null;
        SecurityToken securityToken = null;
        try {
            if (token2 == null) {
                policyNotAsserted(this.sbinding, "No signature token");
                return;
            }
            if (token2 instanceof SecureConversationToken) {
                securityToken = getSecurityToken();
            } else if (token2 instanceof IssuedToken) {
                securityToken = getSecurityToken();
            } else if (token2 instanceof X509Token) {
                str = isRequestor() ? setupEncryptedKey(signatureToken, token2) : getEncryptedKey();
            }
            if (securityToken == null && StringUtils.isEmpty(str)) {
                policyNotAsserted(signatureToken, "No signature token id");
                return;
            }
            policyAsserted(signatureToken);
            if (securityToken == null) {
                securityToken = this.tokenStore.getToken(str);
            }
            if (securityToken == null) {
            }
            boolean z = true;
            if (SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == token2.getInclusion() || SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == token2.getInclusion() || (isRequestor() && SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == token2.getInclusion())) {
                element = cloneElement(securityToken.getToken());
                addEncyptedKeyElement(element);
            } else if (isRequestor() && (token2 instanceof X509Token)) {
                element = (Element) this.secHeader.getSecurityHeader().getOwnerDocument().importNode(securityToken.getToken(), true);
                addEncyptedKeyElement(element);
            } else {
                z = false;
            }
            Vector<WSEncryptionPart> signedParts = getSignedParts();
            if (this.timestampEl != null) {
                signedParts.add(new WSEncryptionPart(addWsuIdToElement(this.timestampEl.getElement())));
            }
            if (isRequestor()) {
                addSupportingTokens(signedParts);
                if (!signedParts.isEmpty()) {
                    this.signatures.add(doSignature(signedParts, signatureToken, token2, securityToken, z));
                }
                doEndorse();
            } else {
                assertSupportingTokens(signedParts);
                addSignatureConfirmation(signedParts);
                if (!signedParts.isEmpty()) {
                    doSignature(signedParts, signatureToken, token2, securityToken, z);
                }
            }
            TokenWrapper encryptionToken = getEncryptionToken();
            Token token3 = encryptionToken.getToken();
            if (token2.equals(token3)) {
                token = securityToken;
            } else {
                token = this.tokenStore.getToken(null);
                if (SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == token3.getInclusion() || SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == token3.getInclusion() || (isRequestor() && SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == token3.getInclusion())) {
                    this.secHeader.getSecurityHeader().insertBefore(token.getToken(), element);
                }
            }
            Vector<WSEncryptionPart> encryptedParts = getEncryptedParts();
            if (this.sbinding.isSignatureProtection() && this.mainSigId != null) {
                encryptedParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
            }
            if (isRequestor()) {
                Iterator<String> it = this.encryptedTokensIdList.iterator();
                while (it.hasNext()) {
                    encryptedParts.add(new WSEncryptionPart(it.next(), "Element"));
                }
            }
            doEncryption(encryptionToken, token, z, encryptedParts, false);
        } catch (Exception e) {
            throw new Fault(e);
        }
    }

    private WSSecBase doEncryptionDerived(TokenWrapper tokenWrapper, SecurityToken securityToken, Token token, boolean z, Vector<WSEncryptionPart> vector, boolean z2) {
        try {
            WSSecDKEncrypt wSSecDKEncrypt = new WSSecDKEncrypt();
            if (tokenWrapper.getToken().getSPConstants() == SP12Constants.INSTANCE) {
                wSSecDKEncrypt.setWscVersion(2);
            }
            if (z && securityToken.getAttachedReference() != null) {
                wSSecDKEncrypt.setExternalKey(securityToken.getSecret(), (Element) this.saaj.getSOAPPart().importNode(securityToken.getAttachedReference(), true));
            } else if (securityToken.getUnattachedReference() != null) {
                wSSecDKEncrypt.setExternalKey(securityToken.getSecret(), (Element) this.saaj.getSOAPPart().importNode(securityToken.getUnattachedReference(), true));
            } else if (!isRequestor()) {
                SecurityTokenReference securityTokenReference = new SecurityTokenReference(this.saaj.getSOAPPart());
                if (securityToken.getSHA1() != null) {
                    securityTokenReference.setKeyIdentifierEncKeySHA1(securityToken.getSHA1());
                }
                wSSecDKEncrypt.setExternalKey(securityToken.getSecret(), securityTokenReference.getElement());
            } else if (z) {
                String wsuId = securityToken.getWsuId();
                if (wsuId == null && (token instanceof SecureConversationToken)) {
                    wSSecDKEncrypt.setTokenIdDirectId(true);
                    wsuId = securityToken.getId();
                } else if (wsuId == null) {
                    wsuId = securityToken.getId();
                }
                if (wsuId.startsWith("#")) {
                    wsuId = wsuId.substring(1);
                }
                wSSecDKEncrypt.setExternalKey(securityToken.getSecret(), wsuId);
            } else {
                wSSecDKEncrypt.setTokenIdDirectId(true);
                wSSecDKEncrypt.setExternalKey(securityToken.getSecret(), securityToken.getId());
            }
            if (securityToken.getSHA1() != null) {
                wSSecDKEncrypt.setCustomValueType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
            } else {
                wSSecDKEncrypt.setCustomValueType(securityToken.getTokenType());
            }
            wSSecDKEncrypt.setSymmetricEncAlgorithm(this.sbinding.getAlgorithmSuite().getEncryption());
            wSSecDKEncrypt.setDerivedKeyLength(this.sbinding.getAlgorithmSuite().getEncryptionDerivedKeyLength() / 8);
            wSSecDKEncrypt.prepare(this.saaj.getSOAPPart());
            addDerivedKeyElement(wSSecDKEncrypt.getdktElement());
            Element encryptForExternalRef = wSSecDKEncrypt.encryptForExternalRef((Element) null, vector);
            if (z2) {
                insertBeforeBottomUp(encryptForExternalRef);
            } else {
                addDerivedKeyElement(encryptForExternalRef);
            }
            return wSSecDKEncrypt;
        } catch (Exception e) {
            policyNotAsserted(tokenWrapper, e);
            return null;
        }
    }

    private WSSecBase doEncryption(TokenWrapper tokenWrapper, SecurityToken securityToken, boolean z, Vector<WSEncryptionPart> vector, boolean z2) {
        if (tokenWrapper == null || tokenWrapper.getToken() == null || vector.size() <= 0) {
            return null;
        }
        Token token = tokenWrapper.getToken();
        policyAsserted(tokenWrapper);
        policyAsserted(token);
        AlgorithmSuite algorithmSuite = this.sbinding.getAlgorithmSuite();
        if (token.isDerivedKeys()) {
            return doEncryptionDerived(tokenWrapper, securityToken, token, z, vector, z2);
        }
        try {
            WSSecEncrypt wSSecEncrypt = new WSSecEncrypt();
            String id = securityToken.getId();
            if (z) {
                id = securityToken.getWsuId();
                if (id == null && (token instanceof SecureConversationToken)) {
                    wSSecEncrypt.setEncKeyIdDirectId(true);
                    id = securityToken.getId();
                } else if (id == null) {
                    id = securityToken.getId();
                }
                if (id.startsWith("#")) {
                    id = id.substring(1);
                }
            } else {
                wSSecEncrypt.setEncKeyIdDirectId(true);
            }
            if (securityToken.getTokenType() != null) {
                wSSecEncrypt.setEncKeyValueType(securityToken.getTokenType());
            }
            wSSecEncrypt.setEncKeyId(id);
            wSSecEncrypt.setEphemeralKey(securityToken.getSecret());
            Crypto encryptionCrypto = getEncryptionCrypto(tokenWrapper);
            if (encryptionCrypto != null) {
                this.message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, encryptionCrypto);
                setEncryptionUser(wSSecEncrypt, tokenWrapper, false, encryptionCrypto);
            }
            wSSecEncrypt.setDocument(this.saaj.getSOAPPart());
            wSSecEncrypt.setEncryptSymmKey(false);
            wSSecEncrypt.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
            if (isRequestor()) {
                if (token instanceof IssuedToken) {
                    wSSecEncrypt.setUseKeyIdentifier(true);
                    wSSecEncrypt.setCustomReferenceValue("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
                    wSSecEncrypt.setKeyIdentifierType(12);
                }
            } else if (securityToken.getSHA1() != null) {
                wSSecEncrypt.setUseKeyIdentifier(true);
                wSSecEncrypt.setCustomReferenceValue(securityToken.getSHA1());
                wSSecEncrypt.setKeyIdentifierType(10);
            } else {
                wSSecEncrypt.setUseKeyIdentifier(true);
                wSSecEncrypt.setKeyIdentifierType(6);
            }
            wSSecEncrypt.prepare(this.saaj.getSOAPPart(), encryptionCrypto);
            if (wSSecEncrypt.getBSTTokenId() != null) {
                wSSecEncrypt.prependBSTElementToHeader(this.secHeader);
            }
            Element encryptForExternalRef = wSSecEncrypt.encryptForExternalRef((Element) null, vector);
            if (z2) {
                insertBeforeBottomUp(encryptForExternalRef);
            } else {
                addDerivedKeyElement(encryptForExternalRef);
            }
            return wSSecEncrypt;
        } catch (WSSecurityException e) {
            policyNotAsserted(tokenWrapper, e.getMessage());
            return null;
        }
    }

    private byte[] doSignatureDK(Vector<WSEncryptionPart> vector, TokenWrapper tokenWrapper, Token token, SecurityToken securityToken, boolean z) throws WSSecurityException {
        SOAPPart sOAPPart = this.saaj.getSOAPPart();
        WSSecDKSign wSSecDKSign = new WSSecDKSign();
        if (tokenWrapper.getToken().getSPConstants() == SP12Constants.INSTANCE) {
            wSSecDKSign.setWscVersion(2);
        }
        boolean z2 = false;
        if (SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == token.getInclusion() || SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == token.getInclusion() || (isRequestor() && SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == token.getInclusion())) {
            z2 = true;
        }
        Element attachedReference = z2 ? securityToken.getAttachedReference() : securityToken.getUnattachedReference();
        if (attachedReference != null) {
            wSSecDKSign.setExternalKey(securityToken.getSecret(), (Element) this.saaj.getSOAPPart().importNode(attachedReference, true));
        } else if (isRequestor() || !token.isDerivedKeys()) {
            if (token instanceof SecureConversationToken) {
                wSSecDKSign.setTokenIdDirectId(true);
            }
            wSSecDKSign.setExternalKey(securityToken.getSecret(), securityToken.getId());
        } else {
            SecurityTokenReference securityTokenReference = new SecurityTokenReference(sOAPPart);
            if (securityToken.getSHA1() != null) {
                securityTokenReference.setKeyIdentifierEncKeySHA1(securityToken.getSHA1());
            }
            wSSecDKSign.setExternalKey(securityToken.getSecret(), securityTokenReference.getElement());
        }
        wSSecDKSign.setSignatureAlgorithm(this.sbinding.getAlgorithmSuite().getSymmetricSignature());
        wSSecDKSign.setDerivedKeyLength(this.sbinding.getAlgorithmSuite().getSignatureDerivedKeyLength() / 8);
        if (securityToken.getSHA1() != null) {
            wSSecDKSign.setCustomValueType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
        } else {
            wSSecDKSign.setCustomValueType(securityToken.getTokenType());
        }
        try {
            wSSecDKSign.prepare(sOAPPart, this.secHeader);
            if (this.sbinding.isTokenProtection()) {
                String id = securityToken.getId();
                if (z) {
                    id = securityToken.getWsuId();
                    if (id == null) {
                        id = securityToken.getId();
                    }
                    if (id.startsWith("#")) {
                        id = id.substring(1);
                    }
                }
                vector.add(new WSEncryptionPart(id));
            }
            wSSecDKSign.setParts(vector);
            wSSecDKSign.addReferencesToSign(vector, this.secHeader);
            wSSecDKSign.computeSignature();
            addDerivedKeyElement(wSSecDKSign.getdktElement());
            insertBeforeBottomUp(wSSecDKSign.getSignatureElement());
            this.mainSigId = addWsuIdToElement(wSSecDKSign.getSignatureElement());
            return wSSecDKSign.getSignatureValue();
        } catch (ConversationException e) {
            throw new WSSecurityException(e.getMessage(), e);
        }
    }

    private byte[] doSignature(Vector<WSEncryptionPart> vector, TokenWrapper tokenWrapper, Token token, SecurityToken securityToken, boolean z) throws WSSecurityException {
        String id;
        if (token.isDerivedKeys()) {
            return doSignatureDK(vector, tokenWrapper, token, securityToken, z);
        }
        WSSecSignature wSSecSignature = new WSSecSignature();
        int i = z ? 9 : 11;
        if (token instanceof X509Token) {
            if (isRequestor()) {
                wSSecSignature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
                wSSecSignature.setKeyIdentifierType(i);
            } else {
                wSSecSignature.setEncrKeySha1value(securityToken.getSHA1());
                wSSecSignature.setKeyIdentifierType(10);
            }
        } else if (securityToken.getTokenType() != null) {
            wSSecSignature.setCustomTokenValueType(securityToken.getTokenType());
            wSSecSignature.setKeyIdentifierType(i);
        } else {
            wSSecSignature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
            wSSecSignature.setKeyIdentifierType(12);
        }
        if (z) {
            id = securityToken.getWsuId();
            if (id == null) {
                if (token instanceof SecureConversationToken) {
                    wSSecSignature.setKeyIdentifierType(11);
                }
                id = securityToken.getId();
            }
            if (id.startsWith("#")) {
                id = id.substring(1);
            }
        } else {
            id = securityToken.getId();
        }
        wSSecSignature.setCustomTokenId(id);
        wSSecSignature.setSecretKey(securityToken.getSecret());
        wSSecSignature.setSignatureAlgorithm(this.sbinding.getAlgorithmSuite().getSymmetricSignature());
        Crypto encryptionCrypto = this.sbinding.getProtectionToken() != null ? getEncryptionCrypto(this.sbinding.getProtectionToken()) : getSignatureCrypto(tokenWrapper);
        this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, encryptionCrypto);
        wSSecSignature.prepare(this.saaj.getSOAPPart(), encryptionCrypto, this.secHeader);
        wSSecSignature.setParts(vector);
        wSSecSignature.addReferencesToSign(vector, this.secHeader);
        wSSecSignature.computeSignature();
        Element signatureElement = wSSecSignature.getSignatureElement();
        insertBeforeBottomUp(signatureElement);
        this.mainSigId = addWsuIdToElement(signatureElement);
        return wSSecSignature.getSignatureValue();
    }

    private String setupEncryptedKey(TokenWrapper tokenWrapper, Token token) throws WSSecurityException {
        WSSecEncryptedKey encryptedKeyBuilder = getEncryptedKeyBuilder(tokenWrapper, token);
        String id = encryptedKeyBuilder.getId();
        byte[] ephemeralKey = encryptedKeyBuilder.getEphemeralKey();
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        calendar2.setTimeInMillis(System.currentTimeMillis() + 300000);
        SecurityToken securityToken = new SecurityToken(id, encryptedKeyBuilder.getEncryptedKeyElement(), calendar, calendar2);
        securityToken.setSecret(ephemeralKey);
        securityToken.setSHA1(getSHA1(encryptedKeyBuilder.getEncryptedEphemeralKey()));
        this.tokenStore.add(securityToken);
        String bSTTokenId = encryptedKeyBuilder.getBSTTokenId();
        if (bSTTokenId != null && bSTTokenId.length() > 0) {
            encryptedKeyBuilder.prependBSTElementToHeader(this.secHeader);
        }
        return id;
    }

    private String getEncryptedKey() {
        Vector vector = (Vector) this.message.getExchange().getInMessage().get("RECV_RESULTS");
        for (int i = 0; i < vector.size(); i++) {
            Vector results = ((WSHandlerResult) vector.get(i)).getResults();
            for (int i2 = 0; i2 < results.size(); i2++) {
                WSSecurityEngineResult wSSecurityEngineResult = (WSSecurityEngineResult) results.get(i2);
                if (((Integer) wSSecurityEngineResult.get("action")).intValue() == 4 && wSSecurityEngineResult.get("encrypted-key-id") != null && ((String) wSSecurityEngineResult.get("encrypted-key-id")).length() != 0) {
                    String str = (String) wSSecurityEngineResult.get("encrypted-key-id");
                    Calendar calendar = Calendar.getInstance();
                    Calendar calendar2 = Calendar.getInstance();
                    calendar2.setTimeInMillis(System.currentTimeMillis() + 300000);
                    SecurityToken securityToken = new SecurityToken(str, calendar, calendar2);
                    securityToken.setSecret((byte[]) wSSecurityEngineResult.get("decrypted-key"));
                    securityToken.setSHA1(getSHA1((byte[]) wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
                    this.tokenStore.add(securityToken);
                    return str;
                }
            }
        }
        return null;
    }

    private String getSHA1(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
            messageDigest.reset();
            messageDigest.update(bArr);
            return Base64.encode(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }
}
