package com.sun.xml.ws.security.secconv;

import com.sun.xml.ws.api.WSBinding;
import com.sun.xml.ws.api.addressing.AddressingVersion;
import com.sun.xml.ws.api.message.Message;
import com.sun.xml.ws.api.message.Messages;
import com.sun.xml.ws.api.message.Packet;
import com.sun.xml.ws.api.model.wsdl.WSDLPort;
import com.sun.xml.ws.api.pipe.Engine;
import com.sun.xml.ws.api.pipe.Fiber;
import com.sun.xml.ws.api.security.secconv.client.SCTokenConfiguration;
import com.sun.xml.ws.api.security.trust.Claims;
import com.sun.xml.ws.api.security.trust.WSTrustException;
import com.sun.xml.ws.policy.AssertionSet;
import com.sun.xml.ws.policy.PolicyAssertion;
import com.sun.xml.ws.policy.impl.bindings.AppliesTo;
import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.impl.policy.PolicyUtil;
import com.sun.xml.ws.security.impl.policyconv.PolicyID;
import com.sun.xml.ws.security.impl.policyconv.SecurityPolicyUtil;
import com.sun.xml.ws.security.policy.AlgorithmSuite;
import com.sun.xml.ws.security.policy.Binding;
import com.sun.xml.ws.security.policy.SecureConversationToken;
import com.sun.xml.ws.security.policy.SecurityPolicyVersion;
import com.sun.xml.ws.security.policy.Token;
import com.sun.xml.ws.security.secconv.logging.LogDomainConstants;
import com.sun.xml.ws.security.secconv.logging.LogStringsMessages;
import com.sun.xml.ws.security.trust.WSTrustConstants;
import com.sun.xml.ws.security.trust.WSTrustElementFactory;
import com.sun.xml.ws.security.trust.WSTrustVersion;
import com.sun.xml.ws.security.trust.elements.AllowPostdating;
import com.sun.xml.ws.security.trust.elements.BaseSTSRequest;
import com.sun.xml.ws.security.trust.elements.BaseSTSResponse;
import com.sun.xml.ws.security.trust.elements.Entropy;
import com.sun.xml.ws.security.trust.elements.Lifetime;
import com.sun.xml.ws.security.trust.elements.Renewing;
import com.sun.xml.ws.security.trust.elements.RequestSecurityToken;
import com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse;
import com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponseCollection;
import com.sun.xml.ws.security.trust.util.WSTrustUtil;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.policy.mls.DerivedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.SecureConversationTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
import com.sun.xml.wss.provider.wsit.WSITClientAuthContext;
import java.io.StringWriter;
import java.net.URI;
import java.security.SecureRandom;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import javax.xml.soap.SOAPException;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import javax.xml.ws.soap.SOAPFaultException;

/* loaded from: input_file:com/sun/xml/ws/security/secconv/WSSCPlugin.class */
public class WSSCPlugin {
    private static final int DEFAULT_KEY_SIZE = 256;
    private static final String SC_ASSERTION = "SecureConversationAssertion";
    private static final String FOR_CANCEL = "For Cancel";
    private Engine fiberEngine;
    private Packet packet = null;
    private static final Logger log = Logger.getLogger("com.sun.xml.ws.security.secconv", LogDomainConstants.WSSC_IMPL_DOMAIN_BUNDLE);
    private static SignaturePolicy renewSignaturePolicy = null;
    private static PolicyID pid = new PolicyID();
    private static Binding binding = null;

    public void process(IssuedTokenContext issuedTokenContext) {
        SCTokenConfiguration sCTokenConfiguration = (SCTokenConfiguration) issuedTokenContext.getSecurityPolicy().get(0);
        WSSCVersion wSSCVersion = WSSCVersion.getInstance(sCTokenConfiguration.getProtocol());
        WSTrustVersion wSTrustVersion = wSSCVersion.getNamespaceURI().equals(MessageConstants.WSSC_13NS) ? WSTrustVersion.WS_TRUST_13 : WSTrustVersion.WS_TRUST_10;
        this.packet = sCTokenConfiguration.getPacket();
        int i = 256;
        if (sCTokenConfiguration.isSymmetricBinding()) {
            i = sCTokenConfiguration.getKeySize();
            if (i < 1) {
                i = 256;
            }
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, LogStringsMessages.WSSC_1006_SYM_BIN_KEYSIZE(Integer.valueOf(i), 256));
            }
        }
        try {
            RequestSecurityToken createRequestSecurityToken = createRequestSecurityToken(sCTokenConfiguration, sCTokenConfiguration.getReqClientEntropy(), i);
            BaseSTSResponse sendRequest = sendRequest(sCTokenConfiguration, createRequestSecurityToken, issuedTokenContext.getEndpointAddress(), wSSCVersion.getSCTRequestAction());
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, LogStringsMessages.WSSC_1012_RECEIVED_SCT_RSTR_ISSUE(WSTrustUtil.elemToString(sendRequest, wSTrustVersion)));
            }
            try {
                processRequestSecurityTokenResponse(sCTokenConfiguration, createRequestSecurityToken, sendRequest, issuedTokenContext);
            } catch (WSSecureConversationException e) {
                throw new RuntimeException((Throwable) e);
            }
        } catch (WSSecureConversationException e2) {
            log.log(Level.SEVERE, LogStringsMessages.WSSC_0024_ERROR_CREATING_RST(MessageConstants.EMPTY_STRING), e2);
            throw new RuntimeException(LogStringsMessages.WSSC_0024_ERROR_CREATING_RST(MessageConstants.EMPTY_STRING), e2);
        }
    }

    public void processRenew(IssuedTokenContext issuedTokenContext) {
        SCTokenConfiguration sCTokenConfiguration = (SCTokenConfiguration) issuedTokenContext.getSecurityPolicy().get(0);
        WSSCVersion wSSCVersion = WSSCVersion.getInstance(sCTokenConfiguration.getProtocol());
        WSTrustVersion wSTrustVersion = wSSCVersion.getNamespaceURI().equals(MessageConstants.WSSC_13NS) ? WSTrustVersion.WS_TRUST_13 : WSTrustVersion.WS_TRUST_10;
        this.packet = sCTokenConfiguration.getPacket();
        int i = 256;
        if (sCTokenConfiguration.isSymmetricBinding()) {
            i = sCTokenConfiguration.getKeySize();
            if (i < 1) {
                i = 256;
            }
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, LogStringsMessages.WSSC_1006_SYM_BIN_KEYSIZE(Integer.valueOf(i), 256));
            }
        }
        try {
            RequestSecurityToken createRequestSecurityTokenForRenew = createRequestSecurityTokenForRenew(issuedTokenContext, sCTokenConfiguration.getReqClientEntropy(), i);
            createRenewSignaturePolicy(sCTokenConfiguration.getSCToken());
            BaseSTSResponse sendRequest = sendRequest(sCTokenConfiguration, createRequestSecurityTokenForRenew, issuedTokenContext.getEndpointAddress(), wSSCVersion.getSCTRenewRequestAction());
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, LogStringsMessages.WSSC_1014_RECEIVED_SCT_RSTR_RENEW(WSTrustUtil.elemToString(sendRequest, wSTrustVersion)));
            }
            try {
                processRequestSecurityTokenResponse(sCTokenConfiguration, createRequestSecurityTokenForRenew, sendRequest, issuedTokenContext);
            } catch (WSSecureConversationException e) {
                throw new RuntimeException((Throwable) e);
            }
        } catch (WSSecureConversationException e2) {
            log.log(Level.SEVERE, LogStringsMessages.WSSC_0024_ERROR_CREATING_RST(MessageConstants.EMPTY_STRING), e2);
            throw new RuntimeException(LogStringsMessages.WSSC_0024_ERROR_CREATING_RST(MessageConstants.EMPTY_STRING), e2);
        }
    }

    private BaseSTSResponse sendRequest(SCTokenConfiguration sCTokenConfiguration, BaseSTSRequest baseSTSRequest, String str, String str2) {
        RequestSecurityTokenResponse createRSTRFrom;
        WSSCVersion wSSCVersion = WSSCVersion.getInstance(sCTokenConfiguration.getProtocol());
        WSTrustVersion wSTrustVersion = wSSCVersion.getNamespaceURI().equals(MessageConstants.WSSC_13NS) ? WSTrustVersion.WS_TRUST_13 : WSTrustVersion.WS_TRUST_10;
        WSTrustElementFactory newInstance = WSTrustElementFactory.newInstance(wSTrustVersion);
        JAXBContext context = WSTrustElementFactory.getContext(wSTrustVersion);
        try {
            Marshaller createMarshaller = context.createMarshaller();
            Unmarshaller createUnmarshaller = context.createUnmarshaller();
            Message create = Messages.create(createMarshaller, newInstance.toJAXBElement(baseSTSRequest), sCTokenConfiguration.getWSBinding().getSOAPVersion());
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, LogStringsMessages.WSSC_1009_SEND_REQ_MESSAGE(printMessageAsString(create)));
            }
            Packet packet = new Packet(create);
            if (sCTokenConfiguration.getSCToken() != null) {
                packet.invocationProperties.put(SC_ASSERTION, sCTokenConfiguration.getSCToken());
            }
            if (sCTokenConfiguration.getPacket() != null) {
                for (WSTrustConstants.STS_PROPERTIES sts_properties : WSTrustConstants.STS_PROPERTIES.values()) {
                    packet.invocationProperties.put(sts_properties.toString(), sCTokenConfiguration.getPacket().invocationProperties.get(sts_properties.toString()));
                }
            }
            packet.endpointAddress = this.packet.endpointAddress;
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, LogStringsMessages.WSSC_1008_SET_EP_ADDRESS(str));
            }
            try {
                Packet addAddressingHeaders = addAddressingHeaders(packet, sCTokenConfiguration.getWSDLPort(), sCTokenConfiguration.getWSBinding(), str2, sCTokenConfiguration.getAddressingVersion());
                if (sCTokenConfiguration.getPacket() != null) {
                    addAddressingHeaders.contentNegotiation = sCTokenConfiguration.getPacket().contentNegotiation;
                }
                copyStandardSecurityProperties(sCTokenConfiguration.getPacket(), addAddressingHeaders);
                Packet packet2 = null;
                if (sCTokenConfiguration.getClientTube() != null) {
                    packet2 = sCTokenConfiguration.getClientTube().processClientResponsePacket(getFiberEngine().createFiber().runSync(sCTokenConfiguration.getNextTube(), sCTokenConfiguration.getClientTube().processClientRequestPacket(addAddressingHeaders)));
                } else {
                    WSITClientAuthContext wSITClientAuthContext = (WSITClientAuthContext) sCTokenConfiguration.getOtherOptions().get(MessageConstants.WSIT_CLIENT_AUTHCONTEXT);
                    if (wSITClientAuthContext != null) {
                        try {
                            packet2 = wSITClientAuthContext.secureRequest(addAddressingHeaders, null, true);
                        } catch (XWSSecurityException e) {
                            throw new RuntimeException((Throwable) e);
                        }
                    }
                }
                Message message = packet2.getMessage();
                if (message.isFault()) {
                    try {
                        throw new SOAPFaultException(message.readAsSOAPMessage().getSOAPBody().getFault());
                    } catch (SOAPException e2) {
                        log.log(Level.SEVERE, LogStringsMessages.WSSC_0022_PROBLEM_CREATING_FAULT(), e2);
                        throw new RuntimeException(LogStringsMessages.WSSC_0022_PROBLEM_CREATING_FAULT(), e2);
                    }
                }
                try {
                    JAXBElement jAXBElement = (JAXBElement) message.readPayloadAsJAXB(createUnmarshaller);
                    if (wSSCVersion.getNamespaceURI().equals(WSSCVersion.WSSC_13.getNamespaceURI())) {
                        try {
                            createRSTRFrom = newInstance.createRSTRCollectionFrom(jAXBElement);
                        } catch (Exception e3) {
                            createRSTRFrom = newInstance.createRSTRFrom(jAXBElement);
                        }
                    } else {
                        createRSTRFrom = newInstance.createRSTRFrom(jAXBElement);
                    }
                    return createRSTRFrom;
                } catch (JAXBException e4) {
                    log.log(Level.SEVERE, LogStringsMessages.WSSC_0018_ERR_JAXB_RSTR(), e4);
                    throw new RuntimeException(LogStringsMessages.WSSC_0018_ERR_JAXB_RSTR(), e4);
                }
            } catch (WSSecureConversationException e5) {
                log.log(Level.SEVERE, LogStringsMessages.WSSC_0017_PROBLEM_ADD_ADDRESS_HEADERS(), e5);
                throw new RuntimeException(LogStringsMessages.WSSC_0017_PROBLEM_ADD_ADDRESS_HEADERS(), e5);
            }
        } catch (JAXBException e6) {
            log.log(Level.SEVERE, "WSSC0016.problem.mar.unmar", e6);
            throw new RuntimeException("Problem creating JAXB Marshaller/Unmarshaller", e6);
        }
    }

    private AssertionSet getAssertions(SecureConversationToken secureConversationToken) {
        return secureConversationToken.getBootstrapPolicy().getAssertionSet();
    }

    public void processCancellation(IssuedTokenContext issuedTokenContext) {
        SCTokenConfiguration sCTokenConfiguration = (SCTokenConfiguration) issuedTokenContext.getSecurityPolicy().get(0);
        WSSCVersion wSSCVersion = WSSCVersion.getInstance(sCTokenConfiguration.getProtocol());
        WSTrustVersion wSTrustVersion = wSSCVersion.getNamespaceURI().equals(MessageConstants.WSSC_13NS) ? WSTrustVersion.WS_TRUST_13 : WSTrustVersion.WS_TRUST_10;
        this.packet = sCTokenConfiguration.getPacket();
        try {
            RequestSecurityToken createRequestSecurityTokenForCancel = createRequestSecurityTokenForCancel(sCTokenConfiguration, issuedTokenContext);
            BaseSTSResponse sendRequest = sendRequest(sCTokenConfiguration, createRequestSecurityTokenForCancel, issuedTokenContext.getEndpointAddress(), wSSCVersion.getSCTCancelRequestAction());
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, LogStringsMessages.WSSC_1016_RECEIVED_SCT_RSTR_CANCEL(WSTrustUtil.elemToString(sendRequest, wSTrustVersion)));
            }
            try {
                processRequestSecurityTokenResponse(sCTokenConfiguration, createRequestSecurityTokenForCancel, sendRequest, issuedTokenContext);
            } catch (WSSecureConversationException e) {
                log.log(Level.SEVERE, LogStringsMessages.WSSC_0020_PROBLEM_CREATING_RSTR(), e);
                throw new RuntimeException(LogStringsMessages.WSSC_0020_PROBLEM_CREATING_RSTR(), e);
            }
        } catch (WSSecureConversationException e2) {
            log.log(Level.SEVERE, LogStringsMessages.WSSC_0024_ERROR_CREATING_RST(FOR_CANCEL), e2);
            throw new RuntimeException(LogStringsMessages.WSSC_0024_ERROR_CREATING_RST(FOR_CANCEL), e2);
        }
    }

    private RequestSecurityToken createRequestSecurityToken(SCTokenConfiguration sCTokenConfiguration, boolean z, int i) throws WSSecureConversationException {
        WSSCVersion wSSCVersion = WSSCVersion.getInstance(sCTokenConfiguration.getProtocol());
        WSTrustVersion wSTrustVersion = wSSCVersion.getNamespaceURI().equals(MessageConstants.WSSC_13NS) ? WSTrustVersion.WS_TRUST_13 : WSTrustVersion.WS_TRUST_10;
        WSTrustElementFactory newInstance = WSTrustElementFactory.newInstance(wSTrustVersion);
        URI create = URI.create(wSSCVersion.getSCTTokenTypeURI());
        URI create2 = URI.create(wSTrustVersion.getIssueRequestTypeURI());
        byte[] bArr = new byte[i / 8];
        new SecureRandom().nextBytes(bArr);
        Entropy createEntropy = z ? newInstance.createEntropy(newInstance.createBinarySecret(bArr, wSTrustVersion.getNonceBinarySecretTypeURI())) : null;
        Lifetime lifetime = null;
        if (sCTokenConfiguration.getSCTokenTimeout() > 0) {
            lifetime = WSTrustUtil.createLifetime(WSTrustUtil.getCurrentTimeWithOffset(), sCTokenConfiguration.getSCTokenTimeout(), wSTrustVersion);
        }
        try {
            RequestSecurityToken createRSTForIssue = newInstance.createRSTForIssue(create, create2, (URI) null, (AppliesTo) null, (Claims) null, createEntropy, lifetime);
            createRSTForIssue.setKeySize(i);
            createRSTForIssue.setKeyType(URI.create(wSTrustVersion.getSymmetricKeyTypeURI()));
            createRSTForIssue.setComputedKeyAlgorithm(URI.create(wSTrustVersion.getCKPSHA1algorithmURI()));
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, LogStringsMessages.WSSC_1011_CREATED_SCT_RST_ISSUE(WSTrustUtil.elemToString((BaseSTSRequest) createRSTForIssue, wSTrustVersion)));
            }
            return createRSTForIssue;
        } catch (WSTrustException e) {
            throw new WSSecureConversationException(e);
        }
    }

    private RequestSecurityToken createRequestSecurityTokenForRenew(IssuedTokenContext issuedTokenContext, boolean z, int i) throws WSSecureConversationException {
        SCTokenConfiguration sCTokenConfiguration = (SCTokenConfiguration) issuedTokenContext.getSecurityPolicy().get(0);
        WSSCVersion wSSCVersion = WSSCVersion.getInstance(sCTokenConfiguration.getProtocol());
        WSTrustVersion wSTrustVersion = wSSCVersion.getNamespaceURI().equals(MessageConstants.WSSC_13NS) ? WSTrustVersion.WS_TRUST_13 : WSTrustVersion.WS_TRUST_10;
        WSTrustElementFactory newInstance = WSTrustElementFactory.newInstance(wSTrustVersion);
        URI create = URI.create(wSSCVersion.getSCTTokenTypeURI());
        URI create2 = URI.create(wSTrustVersion.getRenewRequestTypeURI());
        byte[] bArr = new byte[i / 8];
        new SecureRandom().nextBytes(bArr);
        Entropy createEntropy = z ? newInstance.createEntropy(newInstance.createBinarySecret(bArr, wSTrustVersion.getNonceBinarySecretTypeURI())) : null;
        try {
            RequestSecurityToken createRSTForRenew = newInstance.createRSTForRenew(create, create2, (URI) null, newInstance.createRenewTarget(issuedTokenContext.getUnAttachedSecurityTokenReference()), (AllowPostdating) null, (Renewing) null);
            createRSTForRenew.setEntropy(createEntropy);
            createRSTForRenew.setKeySize(i);
            createRSTForRenew.setKeyType(URI.create(wSTrustVersion.getSymmetricKeyTypeURI()));
            createRSTForRenew.setComputedKeyAlgorithm(URI.create(wSTrustVersion.getCKPSHA1algorithmURI()));
            if (sCTokenConfiguration.getSCTokenTimeout() > 0) {
                createRSTForRenew.setLifetime(WSTrustUtil.createLifetime(WSTrustUtil.getCurrentTimeWithOffset(), sCTokenConfiguration.getSCTokenTimeout(), wSTrustVersion));
            }
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, LogStringsMessages.WSSC_1013_CREATED_SCT_RST_RENEW(WSTrustUtil.elemToString((BaseSTSRequest) createRSTForRenew, wSTrustVersion)));
            }
            return createRSTForRenew;
        } catch (WSTrustException e) {
            throw new WSSecureConversationException(e);
        }
    }

    private RequestSecurityToken createRequestSecurityTokenForCancel(SCTokenConfiguration sCTokenConfiguration, IssuedTokenContext issuedTokenContext) throws WSSecureConversationException {
        WSTrustVersion wSTrustVersion = WSSCVersion.getInstance(sCTokenConfiguration.getProtocol()).getNamespaceURI().equals(MessageConstants.WSSC_13NS) ? WSTrustVersion.WS_TRUST_13 : WSTrustVersion.WS_TRUST_10;
        WSTrustElementFactory newInstance = WSTrustElementFactory.newInstance(wSTrustVersion);
        RequestSecurityToken createRSTForCancel = newInstance.createRSTForCancel(URI.create(wSTrustVersion.getCancelRequestTypeURI()), newInstance.createCancelTarget(issuedTokenContext.getUnAttachedSecurityTokenReference()));
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, LogStringsMessages.WSSC_1015_CREATED_SCT_RST_CANCEL(WSTrustUtil.elemToString((BaseSTSRequest) createRSTForCancel, wSTrustVersion)));
        }
        return createRSTForCancel;
    }

    private void processRequestSecurityTokenResponse(SCTokenConfiguration sCTokenConfiguration, BaseSTSRequest baseSTSRequest, BaseSTSResponse baseSTSResponse, IssuedTokenContext issuedTokenContext) throws WSSecureConversationException {
        WSSCVersion wSSCVersion = WSSCVersion.getInstance(sCTokenConfiguration.getProtocol());
        WSSCClientContract newWSSCClientContract = WSSCFactory.newWSSCClientContract();
        if (!wSSCVersion.getNamespaceURI().equals(WSSCVersion.WSSC_13.getNamespaceURI())) {
            newWSSCClientContract.handleRSTR((RequestSecurityToken) baseSTSRequest, (RequestSecurityTokenResponse) baseSTSResponse, issuedTokenContext);
            return;
        }
        try {
            newWSSCClientContract.handleRSTRC((RequestSecurityToken) baseSTSRequest, (RequestSecurityTokenResponseCollection) baseSTSResponse, issuedTokenContext);
        } catch (Exception e) {
            newWSSCClientContract.handleRSTR((RequestSecurityToken) baseSTSRequest, (RequestSecurityTokenResponse) baseSTSResponse, issuedTokenContext);
        }
    }

    private String printMessageAsString(Message message) {
        StringWriter stringWriter = new StringWriter();
        try {
            XMLStreamWriter createXMLStreamWriter = XMLOutputFactory.newInstance().createXMLStreamWriter(stringWriter);
            message.writeTo(createXMLStreamWriter);
            createXMLStreamWriter.flush();
            return stringWriter.toString();
        } catch (XMLStreamException e) {
            log.log(Level.SEVERE, LogStringsMessages.WSSC_0025_PROBLEM_PRINTING_MSG(), e);
            throw new RuntimeException(LogStringsMessages.WSSC_0025_PROBLEM_PRINTING_MSG(), e);
        }
    }

    private Packet addAddressingHeaders(Packet packet, WSDLPort wSDLPort, WSBinding wSBinding, String str, AddressingVersion addressingVersion) throws WSSecureConversationException {
        packet.getMessage().getHeaders().fillRequestAddressingHeaders(packet, addressingVersion, wSBinding.getSOAPVersion(), false, str);
        return packet;
    }

    private void copyStandardSecurityProperties(Packet packet, Packet packet2) {
        for (String str : packet.invocationProperties.keySet()) {
            packet2.invocationProperties.put(str, packet.invocationProperties.get(str));
        }
    }

    private void createRenewSignaturePolicy(Token token) {
        renewSignaturePolicy = new SignaturePolicy();
        renewSignaturePolicy.setUUID("_99");
        SecurityPolicyVersion securityPolicyVersion = token.getSecurityPolicyVersion();
        SecureConversationTokenKeyBinding secureConversationTokenKeyBinding = new SecureConversationTokenKeyBinding();
        SecureConversationToken secureConversationToken = (SecureConversationToken) token;
        if (secureConversationToken.isRequireDerivedKeys()) {
            DerivedTokenKeyBinding derivedTokenKeyBinding = new DerivedTokenKeyBinding();
            derivedTokenKeyBinding.setOriginalKeyBinding(secureConversationTokenKeyBinding);
            renewSignaturePolicy.setKeyBinding(derivedTokenKeyBinding);
            derivedTokenKeyBinding.setUUID("_100");
        } else {
            renewSignaturePolicy.setKeyBinding(secureConversationTokenKeyBinding);
        }
        if (securityPolicyVersion == SecurityPolicyVersion.SECURITYPOLICY200507) {
            secureConversationTokenKeyBinding.setIncludeToken(token.getIncludeToken());
        } else {
            secureConversationTokenKeyBinding.setIncludeToken(SecurityPolicyVersion.SECURITYPOLICY200507.includeTokenAlwaysToRecipient);
        }
        secureConversationTokenKeyBinding.setUUID(token.getTokenId());
        Iterator it = getAssertions(secureConversationToken).iterator();
        while (it.hasNext()) {
            Binding binding2 = (PolicyAssertion) it.next();
            if (PolicyUtil.isBinding(binding2, securityPolicyVersion)) {
                binding = binding2;
            }
        }
        SecurityPolicyUtil.setCanonicalizationMethod((SignaturePolicy.FeatureBinding) renewSignaturePolicy.getFeatureBinding(), binding.getAlgorithmSuite());
    }

    public SignaturePolicy getRenewSignaturePolicy() {
        return renewSignaturePolicy;
    }

    public AlgorithmSuite getAlgorithmSuite() {
        return binding.getAlgorithmSuite();
    }

    private SecurityPolicyVersion getSPVersion(PolicyAssertion policyAssertion) {
        String namespaceURI = policyAssertion.getName().getNamespaceURI();
        SecurityPolicyVersion securityPolicyVersion = SecurityPolicyVersion.SECURITYPOLICY200507;
        if (SecurityPolicyVersion.SECURITYPOLICY12NS.namespaceUri.equals(namespaceURI)) {
            securityPolicyVersion = SecurityPolicyVersion.SECURITYPOLICY12NS;
        }
        return securityPolicyVersion;
    }

    private Engine getFiberEngine() {
        if (this.fiberEngine == null) {
            this.fiberEngine = Fiber.current().owner;
        }
        return this.fiberEngine;
    }
}
