package com.sun.identity.wss.security.handler;

import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.saml.xmlsig.XMLSignatureException;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2SDKUtils;
import com.sun.identity.shared.DateUtils;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.xml.XMLUtils;
import com.sun.identity.wss.logging.LogUtil;
import com.sun.identity.wss.security.AssertionToken;
import com.sun.identity.wss.security.BinarySecurityToken;
import com.sun.identity.wss.security.SAML2Token;
import com.sun.identity.wss.security.SAML2TokenUtils;
import com.sun.identity.wss.security.SecurityException;
import com.sun.identity.wss.security.SecurityMechanism;
import com.sun.identity.wss.security.SecurityToken;
import com.sun.identity.wss.security.UserNameToken;
import com.sun.identity.wss.security.WSSConstants;
import com.sun.identity.wss.security.WSSUtils;
import com.sun.identity.xmlenc.EncryptionException;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.ResourceBundle;
import java.util.logging.Level;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPPart;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:com/sun/identity/wss/security/handler/SecureSOAPMessage.class */
public class SecureSOAPMessage {
    // SOAP message this wrapper secures (create mode) or inspects (parse mode).
    private SOAPMessage soapMessage;
    // Token most recently stored by setSecurityToken() or found by parseSecurityHeader().
    private SecurityToken securityToken;
    // Mechanism derived by parseSecurityHeader() or assigned through setSecurityMechanism().
    private SecurityMechanism securityMechanism;
    // Copy of the constructor flag: true = a new security header was built, false = headers were parsed.
    private boolean create;
    // The wsse:Security header element; stays null until it is created or found in the SOAP header.
    private Element wsseHeader;
    // Certificate taken from the parsed token or signature; verifySignature() resolves the public key from it.
    private X509Certificate messageCertificate;
    private static Debug debug = WSSUtils.debug;
    private static ResourceBundle bundle = WSSUtils.bundle;
    // Server protocol, host and port, read from system configuration in the constructor.
    private String server_proto;
    private String server_host;
    private String server_port;
    // wsu:Id values of the elements that the XML signature should reference.
    private List signingIds;
    // Text of the WS-Addressing MessageID header, when one is present in a parsed message.
    private String messageID;
    // Set to 0 by the constructor; any later assignment lies outside the code reviewed here.
    private long msgTimestamp;
    private SecurityContext securityContext;
    // Text of the DNS claim found under the WS-Addressing From header, when present.
    private String clientDnsClaim;
    // Names of the message parts the caller wants signed (compared with WSSConstants values and "Body").
    private List signedElements;

    /**
     * Wraps a SOAP message with an empty list of elements to sign.
     *
     * <p>Delegates to the three-argument constructor; with an empty list,
     * {@code getSigningIds()} falls back to signing the SOAP body.
     *
     * @param sOAPMessage the message to secure or to inspect
     * @param z {@code true} to build a new security header, {@code false} to parse the existing headers
     * @throws SecurityException if the header cannot be created or parsed
     */
    public SecureSOAPMessage(SOAPMessage sOAPMessage, boolean z) throws SecurityException {
        this(sOAPMessage, z, new ArrayList());
    }

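    /**
     * Wraps a SOAP message for WS-Security processing.
     *
     * <p>When {@code z} is {@code true} the SOAP part is normalized, the wsu namespace
     * declarations and a body {@code wsu:Id} are added, and a new {@code wsse:Security}
     * header with a timestamp is appended. When {@code z} is {@code false} the existing
     * SOAP headers are parsed instead.
     *
     * @param sOAPMessage the message to secure or to inspect
     * @param z {@code true} to build a new security header, {@code false} to parse the existing headers
     * @param list names of the message parts to sign; {@code null} is treated as an empty list
     * @throws SecurityException if the header cannot be created or parsed
     */
    public SecureSOAPMessage(SOAPMessage sOAPMessage, boolean z, List list) throws SecurityException {
        this.server_proto = SystemConfigurationUtil.getProperty("com.iplanet.am.server.protocol");
        this.server_host = SystemConfigurationUtil.getProperty("com.iplanet.am.server.host");
        this.server_port = SystemConfigurationUtil.getProperty("com.iplanet.am.server.port");
        this.signingIds = new ArrayList();
        this.soapMessage = sOAPMessage;
        this.create = z;
        // A null list used to be stored as-is and only failed later, as a NullPointerException
        // inside the contains()/isEmpty() calls made while building or signing the message.
        this.signedElements = list != null ? list : new ArrayList();
        // NOTE(review): with message-level debugging enabled the SOAP part is written to the
        // debug log; for a parsed message that presumably includes the security header and any
        // token in it (for example a plain-text UsernameToken password). Confirm the debug log
        // is access-controlled or that message-level debugging stays off in production.
        if (debug.messageEnabled()) {
            debug.message("SecureSOAPMessage.Input SOAP message : " + WSSUtils.print(sOAPMessage.getSOAPPart()));
        }
        if (z) {
            sOAPMessage.getSOAPPart().normalize();
            if (debug.messageEnabled()) {
                debug.message("SecureSOAPMessage.Input SOAP message After normalization: " + WSSUtils.print(sOAPMessage.getSOAPPart()));
            }
            addNameSpaces();
            addSecurityHeader();
        } else {
            parseSOAPMessage(sOAPMessage);
        }
        if (debug.messageEnabled()) {
            debug.message("SecureSOAPMessage.Output SOAP message: " + WSSUtils.print(sOAPMessage.getSOAPPart()));
        }
    }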

    /**
     * Returns the {@code wsse:Security} header element of the wrapped message.
     *
     * @return the header element, or {@code null} when none has been created or found
     */
    public Element getSecurityHeaderElement() {
        return wsseHeader;
    }

    /**
     * Returns the SOAP message wrapped by this object.
     *
     * @return the current SOAP message reference (not a copy)
     */
    public SOAPMessage getSOAPMessage() {
        return soapMessage;
    }

    /**
     * Replaces the wrapped SOAP message.
     *
     * <p>Only the reference is swapped: the security header element, token, message id
     * and other state derived from the previous message are left as they were.
     *
     * @param sOAPMessage the new SOAP message
     */
    public void setSOAPMessage(SOAPMessage sOAPMessage) {
        this.soapMessage = sOAPMessage;
    }

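    /**
     * Scans the top-level SOAP header elements of an incoming message and records the
     * {@code wsse:Security} header, the WS-Addressing {@code MessageID} and the DNS claim
     * found under the WS-Addressing {@code From} header.
     *
     * @param sOAPMessage the message whose headers are read
     * @throws SecurityException if the message has no SOAP header or the envelope cannot be read
     */
    private void parseSOAPMessage(SOAPMessage sOAPMessage) throws SecurityException {
        final String wsseNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        final String addressingNs = "http://www.w3.org/2005/08/addressing";
        try {
            SOAPHeader header = sOAPMessage.getSOAPPart().getEnvelope().getHeader();
            if (header == null) {
                if (debug.messageEnabled()) {
                    debug.message("SecureSOAPMessage.parseSOAPMessage: No SOAP header found.");
                }
                // The original fell through and dereferenced the null header, so such a message
                // was already rejected, but with an undeclared NullPointerException. Reject it
                // with the declared exception type instead so callers can handle it.
                throw new SecurityException(bundle.getString("securityHeaderNotFound"));
            }
            NodeList childNodes = header.getChildNodes();
            int count = childNodes == null ? 0 : childNodes.getLength();
            if (count == 0 && debug.messageEnabled()) {
                debug.message("SecureSOAPMessage.parseSOAPMessage: No security header found.");
            }
            for (int i = 0; i < count; i++) {
                Node item = childNodes.item(i);
                if (item.getNodeType() != Node.ELEMENT_NODE) {
                    continue;
                }
                String localName = item.getLocalName();
                String namespaceURI = item.getNamespaceURI();
                if ("Security".equals(localName) && wsseNs.equals(namespaceURI)) {
                    // If several wsse:Security headers are present, the last one is kept;
                    // no actor/role attribute is examined here.
                    this.wsseHeader = (Element) item;
                } else if ("MessageID".equals(localName) && addressingNs.equals(namespaceURI)) {
                    this.messageID = XMLUtils.getElementValue((Element) item);
                } else if ("From".equals(localName) && addressingNs.equals(namespaceURI)) {
                    NodeList claims = ((Element) item).getElementsByTagNameNS(WSSConstants.WSID_NS, WSSConstants.DNS_CLAIM);
                    if (claims != null && claims.getLength() != 0) {
                        // NOTE(review): sender-supplied value read before any signature check;
                        // treat it as untrusted unless the From header is covered by a verified signature.
                        this.clientDnsClaim = XMLUtils.getElementValue((Element) claims.item(0));
                    }
                }
            }
        } catch (SOAPException e) {
            debug.error("SecureSOAPMessage.parseSOAPMessage: SOAPException in parsing the headers.", e);
            LogUtil.error(Level.INFO, LogUtil.ERROR_PARSING_SOAP_HEADERS, new String[]{e.getLocalizedMessage()}, null);
            throw new SecurityException(e.getMessage());
        }
    }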

    /**
     * Derives the security token, security mechanism and message certificate from the
     * child elements of a security header.
     *
     * <p>The mechanism is first reset to {@code WSS_NULL_ANONYMOUS}; a {@code null} node
     * leaves it there. Each recognised child (SAML 1.x / SAML 2.0 assertion,
     * BinarySecurityToken, UsernameToken, Signature, timestamp) then updates the state.
     * Children are processed in document order and every token element overwrites the
     * previously stored token, so the last token element in the header wins.
     *
     * <p>NOTE(review): a timestamp is validated only when a matching element is present;
     * this method does not treat a missing timestamp as an error. Callers that rely on
     * message freshness need to confirm that presence is enforced elsewhere.
     *
     * @param node the security header element, or {@code null}
     * @throws SecurityException if a SAML token cannot be parsed or the timestamp check fails
     */
    public void parseSecurityHeader(Node node) throws SecurityException {
        this.securityMechanism = SecurityMechanism.WSS_NULL_ANONYMOUS;
        if (node != null) {
            NodeList childNodes = node.getChildNodes();
            for (int i = 0; i < childNodes.getLength(); i++) {
                Node item = childNodes.item(i);
                // 1 == Node.ELEMENT_NODE; text, comment and other node types are skipped.
                if (item.getNodeType() == 1) {
                    String localName = item.getLocalName();
                    String namespaceURI = item.getNamespaceURI();
                    if ("Assertion".equals(localName) && "urn:oasis:names:tc:SAML:1.0:assertion".equals(namespaceURI)) {
                        if (debug.messageEnabled()) {
                            debug.message("SecureSOAPMessage.parseSecurityHeader:: Assertion token found in the security header.");
                        }
                        try {
                            this.securityToken = new AssertionToken((Element) item);
                            AssertionToken assertionToken = (AssertionToken) this.securityToken;
                            // Sender-vouches vs. holder-of-key is decided by the token itself.
                            if (assertionToken.isSenderVouches()) {
                                this.securityMechanism = SecurityMechanism.WSS_NULL_SAML_SV;
                            } else {
                                this.securityMechanism = SecurityMechanism.WSS_NULL_SAML_HK;
                            }
                            this.messageCertificate = WSSUtils.getCertificate(assertionToken);
                        } catch (SAMLException e) {
                            debug.error("SecureSOAPMessage.parseSecurityHeader: unable to parse the token", e);
                            throw new SecurityException(e.getMessage());
                        }
                    } else if ("Assertion".equals(localName) && "urn:oasis:names:tc:SAML:2.0:assertion".equals(namespaceURI)) {
                        if (debug.messageEnabled()) {
                            debug.message("SecureSOAPMessage.parseSecurityHeader:: SAML2 token found in the security header.");
                        }
                        try {
                            this.securityToken = new SAML2Token((Element) item);
                            SAML2Token sAML2Token = (SAML2Token) this.securityToken;
                            if (sAML2Token.isSenderVouches()) {
                                this.securityMechanism = SecurityMechanism.WSS_NULL_SAML2_SV;
                            } else {
                                this.securityMechanism = SecurityMechanism.WSS_NULL_SAML2_HK;
                            }
                            this.messageCertificate = SAML2TokenUtils.getCertificate(sAML2Token);
                        } catch (SAML2Exception e2) {
                            debug.error("SecureSOAPMessage.parseSecurityHeader: unable to parse the token", e2);
                            throw new SecurityException(e2.getMessage());
                        }
                    } else if ("BinarySecurityToken".equals(localName) && "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".equals(namespaceURI)) {
                        if (debug.messageEnabled()) {
                            debug.message("SecureSOAPMessage.parseSecurityHeader:: binary token found in the security header.");
                        }
                        this.securityToken = new BinarySecurityToken((Element) item);
                        String tokenType = this.securityToken.getTokenType();
                        // Unused local; it looks like a decompiler artifact of the static constant access below.
                        SecurityToken securityToken = this.securityToken;
                        // Every binary token that is not a Kerberos token is handled as an X.509 token.
                        if (tokenType.equals(SecurityToken.WSS_KERBEROS_TOKEN)) {
                            this.securityMechanism = SecurityMechanism.WSS_NULL_KERBEROS_TOKEN;
                        } else {
                            this.securityMechanism = SecurityMechanism.WSS_NULL_X509_TOKEN;
                            this.messageCertificate = WSSUtils.getCertificate(this.securityToken);
                        }
                    } else if ("UsernameToken".equals(localName) && "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".equals(namespaceURI)) {
                        if (debug.messageEnabled()) {
                            debug.message("SecureSOAPMessage.parseSecurityHeader:: username token found in the security header.");
                        }
                        this.securityToken = new UserNameToken((Element) item);
                        String passwordType = ((UserNameToken) this.securityToken).getPasswordType();
                        // NOTE(review): when the password type is null or is neither the digest nor
                        // the plain-text type, the token is stored but the mechanism keeps its previous
                        // value (WSS_NULL_ANONYMOUS unless an earlier element changed it). Confirm that
                        // callers do not accept that combination.
                        if (passwordType != null) {
                            if (passwordType.equals(WSSConstants.PASSWORD_DIGEST_TYPE)) {
                                this.securityMechanism = SecurityMechanism.WSS_NULL_USERNAME_TOKEN;
                            } else if (passwordType.equals(WSSConstants.PASSWORD_PLAIN_TYPE)) {
                                this.securityMechanism = SecurityMechanism.WSS_NULL_USERNAME_TOKEN_PLAIN;
                            }
                        }
                    } else if ("Signature".equals(localName) && "http://www.w3.org/2000/09/xmldsig#".equals(namespaceURI)) {
                        // Only consulted when no token element preceded the signature in the header.
                        // The whole header (node) is passed, not the Signature element (item).
                        if (this.securityToken == null) {
                            this.messageCertificate = WSSUtils.getMessageCertificate((Element) node);
                            if (this.messageCertificate != null) {
                                this.securityMechanism = SecurityMechanism.WSS_NULL_X509_TOKEN;
                            }
                        }
                    // NOTE(review): the condition below uses ||, so it matches any element whose local
                    // name equals WSSConstants.TIME_STAMP in any namespace, and also every otherwise
                    // unmatched element in the wsse secext namespace. The timestamp element this class
                    // writes in addSecurityHeader() is in the wsu utility namespace, so && with that
                    // namespace may have been intended. validateTimestamp() is not visible here;
                    // confirm its handling of non-timestamp elements before changing this.
                    } else if (WSSConstants.TIME_STAMP.equals(localName) || "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".equals(namespaceURI)) {
                        if (!validateTimestamp((Element) item)) {
                            throw new SecurityException(bundle.getString("invalidTimestamp"));
                        }
                    } else if (debug.messageEnabled()) {
                        debug.message("SecureSOAPMessage.parseSecurityHeader: ignore header element, " + localName);
                    }
                }
            }
        }
    }

    /**
     * Returns the security mechanism currently associated with the message.
     *
     * @return the mechanism derived by {@code parseSecurityHeader} or assigned through
     *         {@code setSecurityMechanism}; {@code null} if neither has happened
     */
    public SecurityMechanism getSecurityMechanism() {
        return securityMechanism;
    }

    /**
     * Sets the security mechanism, replacing any value derived by {@code parseSecurityHeader}.
     *
     * <p>{@code sign()} consults the mechanism when no security token has been set.
     *
     * @param securityMechanism the mechanism to use
     */
    public void setSecurityMechanism(SecurityMechanism securityMechanism) {
        this.securityMechanism = securityMechanism;
    }

    /**
     * Stores the security token and inserts its XML form at the front of the
     * {@code wsse:Security} header.
     *
     * <p>For username and X.509 tokens the token's signing id is added to the ids to sign
     * when the caller's signed-element list contains {@code WSSConstants.SECURITY_TOKEN}.
     *
     * @param securityToken the token to attach; must not be {@code null}
     * @throws SecurityException if the message has no security header or the message
     *         cannot be saved after the token is inserted
     */
    public void setSecurityToken(SecurityToken securityToken) throws SecurityException {
        // Guard: a token can only be attached once a security header exists.
        if (wsseHeader == null) {
            debug.error("SecureSOAPMessage.setSecurityToken:: WSSE security Header is not found in the Secure SOAP Message.");
            throw new SecurityException(bundle.getString("securityHeaderNotFound"));
        }
        this.securityToken = securityToken;

        final String type = securityToken.getTokenType();
        if (SecurityToken.WSS_USERNAME_TOKEN.equals(type)) {
            final UserNameToken usernameToken = (UserNameToken) securityToken;
            if (signedElements.contains(WSSConstants.SECURITY_TOKEN)) {
                signingIds.add(usernameToken.getSigningId());
            }
        } else if (SecurityToken.WSS_X509_TOKEN.equals(type)) {
            final BinarySecurityToken x509Token = (BinarySecurityToken) securityToken;
            if (signedElements.contains(WSSConstants.SECURITY_TOKEN)) {
                signingIds.add(x509Token.getSigningId());
            }
        }

        // Import the token into the message's own document before inserting it.
        final Element importedToken =
                (Element) soapMessage.getSOAPPart().importNode(securityToken.toDocumentElement(), true);
        WSSUtils.prependChildElement(wsseHeader, importedToken, true, soapMessage.getSOAPPart());

        try {
            soapMessage.saveChanges();
        } catch (SOAPException saveFailure) {
            debug.error("SecureSOAPMessage.setSecurityToken: SOAPException", saveFailure);
            throw new SecurityException(saveFailure.getMessage());
        }
    }

    /**
     * Returns the security token attached to, or parsed from, the message.
     *
     * @return the token, or {@code null} when none has been set or found
     */
    public SecurityToken getSecurityToken() {
        return securityToken;
    }

    /**
     * Returns the security context that supplies key and certificate aliases for
     * signing and verification.
     *
     * @return the context, or {@code null} when none has been set
     */
    public SecurityContext getSecurityContext() {
        return securityContext;
    }

    /**
     * Sets the security context read by the signing and verification methods.
     *
     * <p>{@code sign()} dereferences the context for X.509 and username-token signing
     * without a null check, so it has to be set before signing.
     *
     * @param securityContext the context to use
     */
    public void setSecurityContext(SecurityContext securityContext) {
        this.securityContext = securityContext;
    }

    /**
     * Declares the {@code wsu} namespace prefix on the SOAP envelope and body, and gives
     * the body a freshly generated {@code wsu:Id} so that a signature can reference it.
     *
     * @throws SecurityException if the envelope or body cannot be obtained
     */
    private void addNameSpaces() throws SecurityException {
        final String xmlnsNs = "http://www.w3.org/2000/xmlns/";
        final String wsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        try {
            final SOAPEnvelope soapEnvelope = soapMessage.getSOAPPart().getEnvelope();
            soapEnvelope.setAttributeNS(xmlnsNs, "xmlns:wsu", wsuNs);

            final SOAPBody soapBody = soapEnvelope.getBody();
            soapBody.setAttributeNS(xmlnsNs, "xmlns:wsu", wsuNs);
            // getSigningIds() later reads this id back from the body.
            soapBody.setAttribute("wsu:Id", SAMLUtils.generateID());
        } catch (SOAPException failure) {
            debug.error("SecureSOAPMessage.addNameSpaces:: Could not add Name spaces. ", failure);
            throw new SecurityException(bundle.getString("nameSpaceAdditionfailure"));
        }
    }

    /**
     * Builds a new {@code wsse:Security} header containing a {@code wsu:Timestamp} and
     * appends it to the SOAP header, creating the SOAP header first when it is missing.
     *
     * <p>The timestamp's {@code Expires} value is fixed at 300000 ms (five minutes) after
     * {@code Created}. The timestamp id is registered for signing only when the caller's
     * signed-element list contains {@code WSSConstants.TIME_STAMP}.
     *
     * @throws SecurityException if the SOAP envelope or header cannot be accessed
     */
    private void addSecurityHeader() throws SecurityException {
        final String xmlnsNs = "http://www.w3.org/2000/xmlns/";
        final String wsseNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        final String wsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

        if (debug.messageEnabled()) {
            debug.message("SecureSOAPMessage.addSecurityHeader:: preparing the security header");
        }
        try {
            final SOAPPart part = soapMessage.getSOAPPart();
            final SOAPEnvelope soapEnvelope = part.getEnvelope();
            SOAPHeader soapHeader = soapEnvelope.getHeader();
            if (soapHeader == null) {
                soapHeader = soapEnvelope.addHeader();
            }
            // Tag WS-Addressing headers with wsu:Id values before the security header is built.
            checkForAddressingHeaders();

            wsseHeader = part.createElementNS(wsseNs, "wsse:Security");
            wsseHeader.setAttributeNS(xmlnsNs, "xmlns:wsse", wsseNs);
            wsseHeader.setAttributeNS(xmlnsNs, "xmlns:wsu", wsuNs);
            wsseHeader.setAttributeNS(xmlnsNs, WSSConstants.TAG_XML_WSSE11, WSSConstants.WSSE11_NS);

            // mustUnderstand is written only when the envelope carries a namespace prefix.
            final String envelopePrefix = soapEnvelope.getPrefix();
            if (envelopePrefix != null) {
                wsseHeader.setAttribute(envelopePrefix + ":mustUnderstand", "1");
            }

            final Element timestamp = part.createElementNS(wsuNs, "wsu:Timestamp");
            final String timestampId = SAMLUtils.generateID();
            if (signedElements.contains(WSSConstants.TIME_STAMP) && signingIds != null) {
                signingIds.add(timestampId);
            }
            timestamp.setAttribute("wsu:Id", timestampId);
            wsseHeader.appendChild(timestamp);

            final Date createdAt = new Date();
            final Date expiresAt = new Date(createdAt.getTime() + 300000);

            final Element created = part.createElementNS(wsuNs, "wsu:Created");
            created.appendChild(part.createTextNode(DateUtils.toUTCDateFormat(createdAt)));
            timestamp.appendChild(created);

            final Element expires = part.createElementNS(wsuNs, "wsu:Expires");
            expires.appendChild(part.createTextNode(DateUtils.toUTCDateFormat(expiresAt)));
            timestamp.appendChild(expires);

            soapHeader.appendChild(wsseHeader);
        } catch (SOAPException failure) {
            debug.error("SecureSOAPMessage.addSecurityHeader:: SOAPException while adding the security header.", failure);
            LogUtil.error(Level.INFO, LogUtil.ERROR_ADDING_SECURITY_HEADER, new String[]{failure.getLocalizedMessage()}, null);
            throw new SecurityException(bundle.getString("addSecurityHeaderFailed"));
        }
    }

    /**
     * Gives each WS-Addressing {@code To}, {@code From}, {@code MessageID} and
     * {@code Action} header a generated {@code wsu:Id}, and registers that id for signing
     * when the caller's signed-element list names the header.
     *
     * <p>The error message logged on failure still names {@code addNameSpaces}; it is
     * reproduced unchanged.
     *
     * @throws SecurityException if the SOAP header cannot be obtained
     */
    private void checkForAddressingHeaders() throws SecurityException {
        final String addressingNs = "http://www.w3.org/2005/08/addressing";
        final String xmlnsNs = "http://www.w3.org/2000/xmlns/";
        final String wsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        try {
            for (Iterator children = soapMessage.getSOAPHeader().getChildElements(); children.hasNext();) {
                final Object child = children.next();
                if (!(child instanceof Element)) {
                    continue;
                }
                final Element headerElement = (Element) child;
                final String name = headerElement.getLocalName();
                if (!addressingNs.equals(headerElement.getNamespaceURI())) {
                    continue;
                }
                final boolean addressingHeader = name.equals(WSSConstants.TO)
                        || name.equals("From")
                        || name.equals("MessageID")
                        || name.equals(SAML2SDKUtils.ACTION);
                if (!addressingHeader) {
                    continue;
                }
                headerElement.setAttributeNS(xmlnsNs, "xmlns:wsu", wsuNs);
                final String headerId = SAMLUtils.generateID();
                headerElement.setAttribute("wsu:Id", headerId);
                if (signedElements.contains(name)) {
                    signingIds.add(headerId);
                }
            }
        } catch (SOAPException failure) {
            debug.error("SecureSOAPMessage.addNameSpaces:: Could not add Name spaces. ", failure);
            throw new SecurityException(bundle.getString("nameSpaceAdditionfailure"));
        }
    }

    /**
     * Signs the message with the method that matches the current token type.
     *
     * <p>The token type comes from the security token when one is set; without a token it
     * is taken to be X.509 if the mechanism URI is {@code WSS_NULL_X509_TOKEN_URI}. With no
     * token and any other mechanism, username-token signing is used.
     *
     * <p>NOTE(review): an unrecognised token type is only logged at error level and the
     * method then returns normally, leaving the message unsigned. Callers that require a
     * signature need to confirm this case cannot occur or check the result themselves.
     *
     * @throws SecurityException if the selected signing method fails
     */
    public void sign() throws SecurityException {
        if (debug.messageEnabled()) {
            debug.message("SecureSOAPMessage.sign:: Before Signing : " + WSSUtils.print(this.soapMessage.getSOAPPart()));
        }
        final Document doc = toDocument();

        String tokenType = null;
        if (securityToken != null) {
            tokenType = securityToken.getTokenType();
        } else if (securityMechanism != null
                && securityMechanism.getURI().equals(SecurityMechanism.WSS_NULL_X509_TOKEN_URI)) {
            tokenType = SecurityToken.WSS_X509_TOKEN;
        }

        final boolean samlToken = SecurityToken.WSS_SAML_TOKEN.equals(tokenType)
                || SecurityToken.WSS_SAML2_TOKEN.equals(tokenType);
        if (samlToken) {
            signWithAssertion(doc);
        } else if (SecurityToken.WSS_X509_TOKEN.equals(tokenType)) {
            signWithBinaryToken(doc, securityContext.getSigningCertAlias(), securityContext.getSigningRef());
        } else if (SecurityToken.WSS_USERNAME_TOKEN.equals(tokenType) || securityToken == null) {
            signWithUNToken(doc, securityContext.getSigningCertAlias());
        } else if (SecurityToken.WSS_KERBEROS_TOKEN.equals(tokenType)) {
            signWithKerberosToken(doc);
        } else {
            // Falls through without signing and without throwing.
            debug.error("SecureSOAPMessage.sign:: Invalid token type for XML signing.");
        }

        if (debug.messageEnabled()) {
            debug.message("SecureSOAPMessage.sign:: After Signing : " + WSSUtils.print(this.soapMessage.getSOAPPart()));
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v43, types: [java.security.Key] */
    /**
     * Signs the document using a SAML 1.x or SAML 2.0 assertion token and appends the
     * resulting signature to the security header.
     *
     * <p>The signing certificate depends on the mechanism URI: holder-of-key mechanisms
     * take it from the token (skipped for symmetric keys), sender-vouches mechanisms take
     * it from the key provider by the context's signing alias, and the STS mechanism
     * tries the token first and falls back to the signing alias.
     *
     * @param document the document form of the message to sign
     * @throws SecurityException if the mechanism is unknown or signing fails
     */
    private void signWithAssertion(Document document) throws SecurityException {
        XMLSignatureManager xMLSignatureManager = WSSUtils.getXMLSignatureManager();
        KeyProvider keyProvider = xMLSignatureManager.getKeyProvider();
        X509Certificate x509Certificate = null;
        String uri = this.securityMechanism.getURI();
        // z is true when the security context declares a symmetric key type.
        boolean z = "SymmetricKey".equals(this.securityContext.getKeyType());
        if (SecurityMechanism.WSS_NULL_SAML_HK_URI.equals(uri) || SecurityMechanism.WSS_TLS_SAML_HK_URI.equals(uri) || SecurityMechanism.WSS_CLIENT_TLS_SAML_HK_URI.equals(uri)) {
            // SAML 1.x holder-of-key: certificate comes from the assertion unless the key is symmetric.
            if (!z) {
                x509Certificate = WSSUtils.getCertificate(this.securityToken);
            }
        } else if (SecurityMechanism.WSS_NULL_SAML2_HK_URI.equals(uri) || SecurityMechanism.WSS_TLS_SAML2_HK_URI.equals(uri) || SecurityMechanism.WSS_CLIENT_TLS_SAML2_HK_URI.equals(uri)) {
            // SAML 2.0 holder-of-key: same rule, using the SAML2 helper.
            if (!z) {
                x509Certificate = SAML2TokenUtils.getCertificate(this.securityToken);
            }
        } else if (SecurityMechanism.WSS_NULL_SAML_SV_URI.equals(uri) || SecurityMechanism.WSS_TLS_SAML_SV_URI.equals(uri) || SecurityMechanism.WSS_CLIENT_TLS_SAML_SV_URI.equals(uri) || SecurityMechanism.WSS_NULL_SAML2_SV_URI.equals(uri) || SecurityMechanism.WSS_TLS_SAML2_SV_URI.equals(uri) || SecurityMechanism.WSS_CLIENT_TLS_SAML2_SV_URI.equals(uri)) {
            // Sender-vouches: the sender signs with its own certificate, looked up by alias.
            x509Certificate = keyProvider.getX509Certificate(this.securityContext.getSigningCertAlias());
        } else {
            // Any mechanism other than STS is rejected here.
            if (!SecurityMechanism.STS_SECURITY_URI.equals(uri)) {
                debug.error("SecureSOAPMessage.signWithSAMLAssertion:: Unknown security mechanism");
                throw new SecurityException(bundle.getString("unknownSecurityMechanism"));
            }
            if (SecurityToken.WSS_SAML_TOKEN.equals(this.securityToken.getTokenType())) {
                if (!z) {
                    x509Certificate = WSSUtils.getCertificate(this.securityToken);
                }
            } else if (SecurityToken.WSS_SAML2_TOKEN.equals(this.securityToken.getTokenType()) && !z) {
                x509Certificate = SAML2TokenUtils.getCertificate(this.securityToken);
            }
            // STS fallback: no certificate from the token, so use the configured signing alias.
            if (x509Certificate == null) {
                x509Certificate = keyProvider.getX509Certificate(this.securityContext.getSigningCertAlias());
            }
        }
        try {
            // Assertion id handed to the signature manager; stays null for other token classes.
            String str = null;
            if (this.securityToken instanceof AssertionToken) {
                str = ((AssertionToken) this.securityToken).getAssertion().getAssertionID();
            } else if (this.securityToken instanceof SAML2Token) {
                str = ((SAML2Token) this.securityToken).getAssertion().getID();
            }
            // Prefer the key held by the security context; otherwise look up the private key
            // that belongs to the selected certificate.
            PrivateKey signingKey = this.securityContext.getSigningKey();
            if (signingKey == null && x509Certificate != null) {
                signingKey = keyProvider.getPrivateKey(keyProvider.getCertificateAlias(x509Certificate));
            }
            Key encryptionKey = this.securityContext.getEncryptionKey();
            // The encryption certificate is resolved by alias when the context holds no encryption
            // key, else from the key itself. NOTE(review): the PublicKey cast was emitted by the
            // decompiler (see the JADX type-inference warnings above this method); confirm
            // against the original source.
            this.wsseHeader.appendChild(this.soapMessage.getSOAPPart().importNode(xMLSignatureManager.signWithSAMLToken(document, signingKey, z, x509Certificate, encryptionKey == null ? keyProvider.getX509Certificate(this.securityContext.getEncryptionKeyAlias()) : keyProvider.getCertificate((PublicKey) encryptionKey), str, "", getSigningIds()), true));
            try {
                this.soapMessage.saveChanges();
            } catch (Exception e) {
                // A failed save is logged only; the method still returns normally.
                debug.error("SecureSOAPMessage.signWithAssertion:: SOAP message save failed : ", e);
            }
        } catch (XMLSignatureException e2) {
            debug.error("SecureSOAPMessage.signWithAssertion:: signing failed", e2);
            LogUtil.error(Level.INFO, LogUtil.UNABLE_TO_SIGN, new String[]{e2.getLocalizedMessage()}, null);
            throw new SecurityException(bundle.getString("unabletoSign"));
        } catch (Exception e3) {
            // Same handling as above for every other failure, including runtime exceptions.
            debug.error("SecureSOAPMessage.signWithAssertion:: signing failed", e3);
            LogUtil.error(Level.INFO, LogUtil.UNABLE_TO_SIGN, new String[]{e3.getLocalizedMessage()}, null);
            throw new SecurityException(bundle.getString("unabletoSign"));
        }
    }

    /**
     * Signs the document with the X.509 certificate stored under the given alias and
     * appends the resulting signature to the security header.
     *
     * <p>A failure to save the message after the signature is appended is logged only;
     * the method still returns normally in that case.
     *
     * @param document the document form of the message to sign
     * @param str alias of the signing certificate in the key provider
     * @param str2 signing reference passed through to the signature manager
     * @throws SecurityException if signing fails
     */
    private void signWithBinaryToken(Document document, String str, String str2) throws SecurityException {
        final XMLSignatureManager signatureManager = WSSUtils.getXMLSignatureManager();
        try {
            final X509Certificate signingCert = signatureManager.getKeyProvider().getX509Certificate(str);
            final Node signature =
                    signatureManager.signWithBinarySecurityToken(document, signingCert, "", getSigningIds(), str2);
            wsseHeader.appendChild(soapMessage.getSOAPPart().importNode(signature, true));
            try {
                soapMessage.saveChanges();
            } catch (Exception saveFailure) {
                debug.error("SecureSOAPMessage.signWithBinaryToken:: SOAP message save failed : ", saveFailure);
            }
        } catch (XMLSignatureException signatureFailure) {
            debug.error("SecureSOAPMessage.signWithBinaryToken:: Signature Exception.", signatureFailure);
            LogUtil.error(Level.INFO, LogUtil.UNABLE_TO_SIGN, new String[]{signatureFailure.getLocalizedMessage()}, null);
            throw new SecurityException(bundle.getString("unabletoSign"));
        } catch (Exception otherFailure) {
            debug.error("SecureSOAPMessage.signWithBinaryToken:: signing failed", otherFailure);
            LogUtil.error(Level.INFO, LogUtil.UNABLE_TO_SIGN, new String[]{otherFailure.getLocalizedMessage()}, null);
            throw new SecurityException(bundle.getString("unabletoSign"));
        }
    }

    /**
     * Signs the document with the secret key of the Kerberos binary security token,
     * using the algorithm named by {@code SAMLConstants.ALGO_ID_MAC_HMAC_SHA1}, and
     * appends the resulting signature to the security header.
     *
     * <p>The log messages in this method still carry the {@code signWithBinaryToken}
     * prefix; they are reproduced unchanged, so log searches for Kerberos signing
     * failures need to use that prefix.
     *
     * @param document the document form of the message to sign
     * @throws SecurityException if signing fails
     */
    private void signWithKerberosToken(Document document) throws SecurityException {
        try {
            final BinarySecurityToken kerberosToken = (BinarySecurityToken) securityToken;
            final Node signature = WSSUtils.getXMLSignatureManager().signWithKerberosToken(
                    document,
                    kerberosToken.getSecretKey(),
                    SAMLConstants.ALGO_ID_MAC_HMAC_SHA1,
                    getSigningIds());
            wsseHeader.appendChild(soapMessage.getSOAPPart().importNode(signature, true));
            try {
                soapMessage.saveChanges();
            } catch (Exception saveFailure) {
                // Logged only; the method still returns normally.
                debug.error("SecureSOAPMessage.signWithBinaryToken:: SOAP message save failed : ", saveFailure);
            }
        } catch (XMLSignatureException signatureFailure) {
            debug.error("SecureSOAPMessage.signWithBinaryToken:: Signature Exception.", signatureFailure);
            LogUtil.error(Level.INFO, LogUtil.UNABLE_TO_SIGN, new String[]{signatureFailure.getLocalizedMessage()}, null);
            throw new SecurityException(bundle.getString("unabletoSign"));
        } catch (Exception otherFailure) {
            debug.error("SecureSOAPMessage.signWithBinaryToken:: signing failed", otherFailure);
            LogUtil.error(Level.INFO, LogUtil.UNABLE_TO_SIGN, new String[]{otherFailure.getLocalizedMessage()}, null);
            throw new SecurityException(bundle.getString("unabletoSign"));
        }
    }

    /**
     * Signs the document for the username-token case with the X.509 certificate stored
     * under the given alias and appends the resulting signature to the security header.
     *
     * <p>{@code sign()} also selects this method when no security token is set and the
     * mechanism is not the X.509 one. A failure to save the message afterwards is
     * logged only.
     *
     * @param document the document form of the message to sign
     * @param str alias of the signing certificate in the key provider
     * @throws SecurityException if signing fails
     */
    private void signWithUNToken(Document document, String str) throws SecurityException {
        final XMLSignatureManager signatureManager = WSSUtils.getXMLSignatureManager();
        try {
            final X509Certificate signingCert = signatureManager.getKeyProvider().getX509Certificate(str);
            final Node signature =
                    signatureManager.signWithUserNameToken(document, signingCert, "", getSigningIds());
            wsseHeader.appendChild(soapMessage.getSOAPPart().importNode(signature, true));
            try {
                soapMessage.saveChanges();
            } catch (Exception saveFailure) {
                debug.error("SecureSOAPMessage.signWithUNToken:: SOAP message save failed : ", saveFailure);
            }
        } catch (XMLSignatureException signatureFailure) {
            debug.error("SecureSOAPMessage.signWithUNToken:: Signature Exception.", signatureFailure);
            LogUtil.error(Level.INFO, LogUtil.UNABLE_TO_SIGN, new String[]{signatureFailure.getLocalizedMessage()}, null);
            throw new SecurityException(bundle.getString("unabletoSign"));
        } catch (Exception otherFailure) {
            debug.error("SecureSOAPMessage.signWithUNToken:: signing failed", otherFailure);
            LogUtil.error(Level.INFO, LogUtil.UNABLE_TO_SIGN, new String[]{otherFailure.getLocalizedMessage()}, null);
            throw new SecurityException(bundle.getString("unabletoSign"));
        }
    }

    /**
     * Returns the ids of the elements to sign, adding the SOAP body's {@code wsu:Id}
     * when the caller asked for the body to be signed or named no elements at all.
     *
     * <p>The returned list is the instance's own list, and the body id is appended on
     * every call, so repeated calls add it again. The id is added as read from the
     * body, including the empty string DOM returns when the attribute is absent.
     *
     * @return the live list of signing ids
     * @throws Exception if the SOAP body cannot be obtained
     */
    private List getSigningIds() throws Exception {
        if (signingIds == null) {
            signingIds = new ArrayList();
        }
        final String bodyId = soapMessage.getSOAPBody().getAttribute("wsu:Id");
        // An empty signed-element list means "sign the body" by default.
        final boolean signBody = signedElements.isEmpty() || signedElements.contains("Body");
        if (signBody) {
            signingIds.add(bodyId);
        }
        return signingIds;
    }

    /**
     * Returns the WS-Addressing {@code MessageID} read from a parsed message.
     *
     * @return the message id, or {@code null} when the header was absent or the message
     *         was created rather than parsed
     */
    public String getMessageID() {
        return messageID;
    }

    /**
     * Returns the message timestamp value held by this object.
     *
     * @return the stored value; the constructor sets it to 0 and any later assignment
     *         lies outside the code reviewed here
     */
    public long getMessageTimestamp() {
        return msgTimestamp;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v67, types: [java.security.Key] */
    /* JADX WARN: Type inference failed for: r0v70, types: [java.security.Key] */
    /**
     * Verifies the signature(s) protecting this SOAP message.
     *
     * <p>For SAML 1.x and SAML 2.0 tokens the assertion's own signature is checked first: the
     * assertion issuer is mapped to a certificate alias by {@code WSSUtils.getCertAlias}, and
     * the method returns {@code false} when no alias exists for that issuer or when the
     * assertion signature does not verify under it. The message-level WS-Security signature is
     * then verified with a key taken from the message certificate when one is set, otherwise
     * from the SAML token.
     *
     * <p>Only signatures are checked here; nothing in this method evaluates assertion
     * conditions or the message timestamp.
     *
     * @return {@code true} if the message signature verifies; {@code false} if the issuer has
     *     no certificate alias, the assertion signature is invalid, or the message signature
     *     does not verify
     * @throws SecurityException if verification fails with an exception
     */
    public boolean verifySignature() throws SecurityException {
        try {
            Document envelopeDoc = toDocument();
            XMLSignatureManager sigManager = WSSUtils.getXMLSignatureManager();

            String tokenType;
            if (this.securityToken == null) {
                tokenType = SecurityMechanism.WSS_NULL_ANONYMOUS_URI;
            } else {
                tokenType = this.securityToken.getTokenType();
            }
            boolean saml2 = tokenType.equals(SecurityToken.WSS_SAML2_TOKEN);
            boolean saml1 = tokenType.equals(SecurityToken.WSS_SAML_TOKEN);

            if (saml2 || saml1) {
                String issuer;
                if (saml2) {
                    issuer = ((SAML2Token) this.securityToken).getAssertion().getIssuer().getValue();
                } else {
                    issuer = ((AssertionToken) this.securityToken).getAssertion().getIssuer();
                }

                // Trust decision: an issuer without a configured alias is rejected outright.
                String issuerAlias = WSSUtils.getCertAlias(issuer);
                if (issuerAlias == null) {
                    WSSUtils.debug.message("SecureSOAPMessage.verifySignature:  issuer alias does not present in the trusted ca alias list");
                    return false;
                }

                // NOTE(review): the assertion is verified on a standalone copy of the parsed
                // token element, while the message signature below is verified on the
                // re-serialised envelope. Confirm both refer to the same assertion element,
                // otherwise a second, unsigned assertion in the header could go unnoticed.
                Element tokenElement = this.securityToken.toDocumentElement();
                Document assertionDoc = XMLUtils.newDocument();
                assertionDoc.appendChild(assertionDoc.importNode(tokenElement, true));
                if (WSSUtils.debug.messageEnabled()) {
                    // Message-level debugging writes the complete assertion to the debug log.
                    WSSUtils.debug.message("SecureSOAPMessage.verifySignature  Assertion to be verified" + XMLUtils.print(tokenElement));
                }

                boolean assertionVerified = sigManager.verifyXMLSignature(assertionDoc, issuerAlias);
                if (!assertionVerified) {
                    if (WSSUtils.debug.messageEnabled()) {
                        WSSUtils.debug.message("SecureSOAPMessage.verifySignature: Signature verification for the assertion failed");
                    }
                    return false;
                }
                if (WSSUtils.debug.messageEnabled()) {
                    WSSUtils.debug.message("SecureSOAPMessage.verifySignature:Signature verification successful for the assertion");
                }
            }

            // NOTE(review): the key stays null for a non-SAML token without a message
            // certificate; verification then rests on the two aliases passed below. Confirm
            // verifyWSSSignature fails closed when it cannot resolve a key.
            PublicKey verificationKey = null;
            if (this.messageCertificate != null) {
                String signerAlias = sigManager.getKeyProvider().getCertificateAlias(this.messageCertificate);
                verificationKey = sigManager.getKeyProvider().getPublicKey(signerAlias);
            } else if (saml2) {
                verificationKey = SAML2TokenUtils.getSecretKey(this.securityToken, this.securityContext.getDecryptionAlias());
            } else if (saml1) {
                verificationKey = WSSUtils.getSecretKey(this.securityToken, this.securityContext.getDecryptionAlias());
            }

            return sigManager.verifyWSSSignature(
                    envelopeDoc,
                    verificationKey,
                    this.securityContext.getVerificationCertAlias(),
                    this.securityContext.getDecryptionAlias());
        } catch (SAMLException samlFailure) {
            debug.error("SecureSOAPMessage.verify:: Signature validation failed", samlFailure);
            LogUtil.error(Level.INFO, LogUtil.SIGNATURE_VALIDATION_FAILED, new String[]{samlFailure.getLocalizedMessage()}, null);
            throw new SecurityException(bundle.getString("signatureValidationFailed"));
        } catch (Exception failure) {
            // Unlike the SAMLException branch, this path writes no LogUtil record.
            debug.error("SecureSOAPMessage.verify:: Signature validation failed", failure);
            throw new SecurityException(bundle.getString("signatureValidationFailed"));
        }
    }

    /**
     * Verifies the message-level signature with a caller-supplied key (Kerberos token case).
     *
     * <p>Only {@code SAMLException} is translated here; a failure while serialising the message
     * surfaces as the {@code SecurityException} thrown by {@code toDocument()}.
     *
     * @param key the key handed to {@code verifyWSSSignature}; presumably the Kerberos session
     *     key, to be confirmed against the caller
     * @return the result of {@code verifyWSSSignature} for the current message
     * @throws SecurityException if signature validation raises a {@code SAMLException} or the
     *     message cannot be converted to a document
     */
    public boolean verifyKerberosTokenSignature(Key key) throws SecurityException {
        try {
            XMLSignatureManager sigManager = WSSUtils.getXMLSignatureManager();
            Document envelopeDoc = toDocument();
            return sigManager.verifyWSSSignature(envelopeDoc, key);
        } catch (SAMLException samlFailure) {
            debug.error("SecureSOAPMessage.verify:: Signature validation failed", samlFailure);
            throw new SecurityException(bundle.getString("signatureValidationFailed"));
        }
    }

    /**
     * Serialises the current SOAP message and re-parses it into a DOM document.
     *
     * <p>NOTE(review): with message-level debugging enabled the whole envelope is written to
     * the debug log twice. Depending on when this is called that includes security tokens and
     * decrypted content, so the debug log needs the same protection as the messages.
     *
     * <p>NOTE(review): parsing is delegated to {@code XMLUtils.toDOMDocument}; whether DTDs and
     * external entities are disabled there cannot be seen from this method.
     *
     * @return a DOM document built from the serialised message
     * @throws SecurityException carrying the underlying exception's message if serialisation
     *     or parsing fails
     */
    private Document toDocument() throws SecurityException {
        try {
            this.soapMessage.saveChanges();

            ByteArrayOutputStream wire = new ByteArrayOutputStream();
            this.soapMessage.writeTo(wire);
            if (debug.messageEnabled()) {
                debug.message("SecureSOAPMessage.toDocument:: message used: " + wire.toString());
            }

            ByteArrayInputStream serialised = new ByteArrayInputStream(wire.toByteArray());
            Document parsed = XMLUtils.toDOMDocument(serialised, WSSUtils.debug);
            if (debug.messageEnabled()) {
                debug.message("SecureSOAPMessage.toDocument: Converted SOAPMessage: " + XMLUtils.print(parsed));
            }
            return parsed;
        } catch (Exception failure) {
            debug.error("SecureSOAPMessage.toDocument: Could not Convert the SOAP Message to XML document.", failure);
            throw new SecurityException(failure.getMessage());
        }
    }

    /**
     * Returns the X.509 certificate associated with this message, if any.
     *
     * <p>{@code verifySignature} and {@code decrypt} look this certificate up in the key
     * provider to obtain an alias. NOTE(review): presumably the certificate comes from the
     * incoming message itself, in which case its presence alone is not a trust decision.
     * Confirm where the field is assigned.
     *
     * @return the value of the {@code messageCertificate} field, possibly {@code null}
     */
    public X509Certificate getMessageCertificate() {
        return messageCertificate;
    }

    /**
     * Encrypts the SOAP Body content and/or the security token, then writes the resulting
     * {@code xenc:EncryptedKey} and {@code xenc:EncryptedData} elements back into the live
     * SOAP message.
     *
     * <p>Parameter names were lost in decompilation; the descriptions below state only what the
     * visible code does with each value.
     *
     * @param str passed as the fifth argument of {@code encryptAndReplaceWSSElements};
     *     presumably the certificate alias of the recipient, to be confirmed
     * @param str2 passed as the third argument of {@code encryptAndReplaceWSSElements};
     *     presumably the data encryption algorithm, to be confirmed
     * @param i passed as the fourth argument of {@code encryptAndReplaceWSSElements};
     *     presumably the key strength, to be confirmed
     * @param z when {@code true}, the first child of the SOAP Body is queued for encryption
     * @param z2 when {@code true}, the security token element inside the
     *     {@code wsse:Security} header is queued for encryption
     * @throws SecurityException if the message cannot be converted, encryption fails, or the
     *     encrypted elements cannot be merged back into the SOAP message
     */
    public void encrypt(String str, String str2, int i, boolean z, boolean z2) throws SecurityException {
        Document document = toDocument();
        // Without a token the message is treated as carrying an X.509 token.
        String tokenType = this.securityToken == null ? SecurityToken.WSS_X509_TOKEN : this.securityToken.getTokenType();
        // Maps each element to encrypt to the id it is referenced by.
        HashMap hashMap = new HashMap();
        String str3 = null;
        String str4 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        if (z) {
            try {
                Element documentElement = document.getDocumentElement();
                Element element = (Element) documentElement.getElementsByTagNameNS(documentElement.getNamespaceURI(), "Body").item(0);
                // NOTE(review): the cast assumes the Body's first child is an element; a
                // leading text node would raise ClassCastException, handled by the generic
                // catch below. The id is read by qualified name "wsu:Id".
                hashMap.put((Element) element.getFirstChild(), element.getAttribute("wsu:Id"));
            } catch (EncryptionException e) {
                debug.error("SecureSOAPMessage.encrypt:: Encryption Exception : ", e);
                LogUtil.error(Level.INFO, LogUtil.UNABLE_TO_ENCRYPT, new String[]{e.getLocalizedMessage()}, null);
                throw new SecurityException(bundle.getString("unabletoEncrypt"));
            } catch (Exception e2) {
                debug.error("SecureSOAPMessage.encrypt:: encryption failed : ", e2);
                LogUtil.error(Level.INFO, LogUtil.UNABLE_TO_ENCRYPT, new String[]{e2.getLocalizedMessage()}, null);
                throw new SecurityException(bundle.getString("unabletoEncrypt"));
            }
        }
        if (z2) {
            // Pick the token element's local name (str3), namespace (str4) and, for SAML
            // assertions, its id (str5) from the token type.
            String str5 = null;
            if (SecurityToken.WSS_X509_TOKEN.equals(tokenType)) {
                str3 = "BinarySecurityToken";
            } else if (SecurityToken.WSS_USERNAME_TOKEN.equals(tokenType)) {
                str3 = "UsernameToken";
            } else if (SecurityToken.WSS_SAML_TOKEN.equals(tokenType)) {
                str3 = "Assertion";
                str5 = ((AssertionToken) this.securityToken).getAssertion().getAssertionID();
                str4 = "urn:oasis:names:tc:SAML:1.0:assertion";
            } else if (SecurityToken.WSS_SAML2_TOKEN.equals(tokenType)) {
                str3 = "Assertion";
                str5 = ((SAML2Token) this.securityToken).getAssertion().getID();
                str4 = "urn:oasis:names:tc:SAML:2.0:assertion";
            }
            Element element2 = (Element) document.getDocumentElement().getElementsByTagNameNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security").item(0);
            if (debug.messageEnabled()) {
                // NOTE(review): at this point the header still holds the token in clear (it is
                // about to be encrypted), so message-level debugging writes it to the debug log.
                debug.message("SecureSOAPMessage.encrypt:: Security Header : " + WSSUtils.print(element2));
            }
            if (element2 != null) {
                Element element3 = (Element) element2.getElementsByTagNameNS(str4, str3).item(0);
                // Non-SAML tokens take their id from the wsu:Id attribute of the element.
                if (element3 != null && str5 == null) {
                    str5 = element3.getAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
                }
                // NOTE(review): element3 is stored even when it is null (no matching token in
                // the header); confirm how encryptAndReplaceWSSElements treats a null key.
                hashMap.put(element3, str5);
            }
        }
        // The last argument is a URL assembled from this message's server protocol, host and port.
        Document encryptAndReplaceWSSElements = WSSUtils.getXMLEncryptionManager().encryptAndReplaceWSSElements(document, hashMap, str2, i, str, 0, tokenType, this.server_proto + ISAuthConstants.URL_SEPARATOR + this.server_host + ":" + this.server_port);
        try {
            // Find the first EncryptedKey whose grandparent is not a Signature element, i.e.
            // the key that belongs to the encryption rather than to a signature's key info.
            Element element4 = null;
            NodeList elementsByTagNameNS = encryptAndReplaceWSSElements.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey");
            int i2 = 0;
            while (true) {
                if (i2 >= elementsByTagNameNS.getLength()) {
                    break;
                }
                Element element5 = (Element) elementsByTagNameNS.item(i2);
                if (!element5.getParentNode().getParentNode().getLocalName().equals("Signature")) {
                    element4 = element5;
                    break;
                }
                i2++;
            }
            if (debug.messageEnabled()) {
                debug.message("SecureSOAPMessage.encrypt:EncryptedKey DOC : " + WSSUtils.print(element4));
            }
            // NOTE(review): element4 is still null when no such EncryptedKey was produced;
            // the import below then fails and is reported through the generic catch.
            Node importNode = this.soapMessage.getSOAPPart().importNode(element4, true);
            this.wsseHeader.appendChild(importNode);
            this.soapMessage.saveChanges();
            // Fallback: if the key is not visible in the SOAP part after saving, attach it
            // to the SOAP header directly.
            NodeList elementsByTagNameNS2 = this.soapMessage.getSOAPPart().getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey");
            if (elementsByTagNameNS2 == null || elementsByTagNameNS2.getLength() == 0) {
                this.soapMessage.getSOAPPart().getEnvelope().getHeader().appendChild(importNode);
            }
            if (debug.messageEnabled()) {
                debug.message("SecureSOAPMessage.encrypt:: wsseHeader: after Encrypt : " + WSSUtils.print(this.soapMessage.getSOAPPart()));
            }
            // Swap every EncryptedData element into the live message in place of its plaintext.
            NodeList elementsByTagNameNS3 = encryptAndReplaceWSSElements.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedData");
            int length = elementsByTagNameNS3.getLength();
            for (int i3 = 0; i3 < length; i3++) {
                Element element6 = (Element) elementsByTagNameNS3.item(i3);
                if (debug.messageEnabled()) {
                    debug.message("SecureSOAPMessage.encrypt:EncryptedData DOC (" + i3 + ") : " + WSSUtils.print(element6));
                }
                Node importNode2 = this.soapMessage.getSOAPPart().importNode(element6, true);
                if ("Body".equals(element6.getParentNode().getLocalName())) {
                    // Encrypted body content replaces the Body's first child.
                    this.soapMessage.getSOAPPart().getEnvelope().getBody().replaceChild(importNode2, this.soapMessage.getSOAPPart().getEnvelope().getBody().getFirstChild());
                } else if (z2) {
                    Element element7 = (Element) this.wsseHeader.getElementsByTagNameNS(str4, str3).item(0);
                    if (debug.messageEnabled()) {
                        // NOTE(review): element7 is the plaintext token that is about to be replaced.
                        debug.message("SecureSOAPMessage.encrypt:: wsseHeader: token element : " + WSSUtils.print(element7));
                    }
                    if (element7 != null) {
                        // Move the EncryptedKey in front of the token, then replace the token
                        // with its EncryptedData; the order of these three calls matters.
                        this.wsseHeader.removeChild(importNode);
                        this.wsseHeader.insertBefore(importNode, element7);
                        this.wsseHeader.replaceChild(importNode2, element7);
                    }
                }
            }
            this.soapMessage.saveChanges();
            if (debug.messageEnabled()) {
                debug.message("SecureSOAPMessage.encrypt:*** SOAP PART ***");
                debug.message(WSSUtils.print(this.soapMessage.getSOAPPart()));
            }
        } catch (Exception e3) {
            debug.error("SecureSOAPMessage.encrypt:: encryption failed : ", e3);
            throw new SecurityException(bundle.getString("unabletoGetFinalSoapMessage"));
        }
    }

    /**
     * Decrypts the encrypted parts of the SOAP message and puts the plaintext back into the
     * live message.
     *
     * <p>Parameter names were lost in decompilation; the descriptions below state only what the
     * visible code does with each value.
     *
     * @param str alias handed to {@code decryptAndReplace} when no message certificate is set;
     *     when one is set, the alias is looked up from that certificate instead
     * @param z when {@code true}, the first element child of the SOAP Body is replaced with
     *     the decrypted Body content
     * @param z2 when {@code true}, the {@code EncryptedData} element in the security header is
     *     replaced with the decrypted token
     * @throws SecurityException if the message holds no {@code EncryptedData}, decryption
     *     fails, or the decrypted content cannot be merged back
     */
    public void decrypt(String str, boolean z, boolean z2) throws SecurityException {
        try {
            Document document = toDocument();
            NodeList elementsByTagNameNS = document.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedData");
            if (elementsByTagNameNS == null || elementsByTagNameNS.getLength() == 0) {
                // An unencrypted message is rejected rather than passed through.
                // NOTE(review): this throw sits inside the outer try, so the generic catch at
                // the bottom presumably intercepts it and callers see "unabletoDecrypt"
                // instead of this message. Confirm that is intended.
                debug.error("SecureSOAPMessage.decrypt:: Request is not encrypted.");
                throw new SecurityException(bundle.getString("decryptEncryptionFailed"));
            }
            // The alias comes from the message certificate when one is set, otherwise from str.
            Document decryptAndReplace = WSSUtils.getXMLEncryptionManager().decryptAndReplace(document, this.messageCertificate != null ? XMLSignatureManager.getInstance().getKeyProvider().getCertificateAlias(this.messageCertificate) : str);
            if (z) {
                try {
                    Element element = (Element) decryptAndReplace.getElementsByTagNameNS(decryptAndReplace.getDocumentElement().getNamespaceURI(), "Body").item(0);
                    SOAPBody body = this.soapMessage.getSOAPPart().getEnvelope().getBody();
                    if (debug.messageEnabled()) {
                        // NOTE(review): message-level debugging writes the decrypted Body to the debug log.
                        debug.message("SecureSOAPMessage.decrypt::decrypted Body element : " + WSSUtils.print(element));
                        debug.message("SecureSOAPMessage.decrypt::SOAP Body element : " + WSSUtils.print(body));
                    }
                    Node importNode = this.soapMessage.getSOAPPart().importNode(element, true);
                    NodeList childNodes = this.soapMessage.getSOAPPart().getEnvelope().getBody().getChildNodes();
                    // Replace the first element child (node type 1) of the live Body with the
                    // first child of the decrypted Body, then stop.
                    int i = 0;
                    while (true) {
                        if (i >= childNodes.getLength()) {
                            break;
                        }
                        Node item = childNodes.item(i);
                        if (item.getNodeType() == 1) {
                            this.soapMessage.getSOAPPart().getEnvelope().getBody().removeChild(item);
                            // NOTE(review): getFirstChild() is taken as is; if the decrypted
                            // Body starts with a text node, that node is what gets appended.
                            this.soapMessage.getSOAPPart().getEnvelope().getBody().appendChild(importNode.getFirstChild());
                            break;
                        }
                        i++;
                    }
                } catch (Exception e) {
                    debug.error("SecureSOAPMessage.decrypt:: decryption failed : ", e);
                    throw new SecurityException(bundle.getString("unabletoGetFinalSoapMessage"));
                }
            }
            if (z2) {
                Element element2 = (Element) decryptAndReplace.getElementsByTagNameNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security").item(0);
                // getTokenNode returns the first recognised token child of the decrypted
                // header, or null when there is none.
                Node tokenNode = getTokenNode(this.soapMessage.getSOAPPart().importNode(element2, true));
                Element element3 = (Element) this.wsseHeader.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedData").item(0);
                if (debug.messageEnabled()) {
                    // NOTE(review): these lines write the decrypted security header and token
                    // to the debug log.
                    debug.message("SecureSOAPMessage.decrypt: decrypted Security Header doc : " + WSSUtils.print(element2));
                    debug.message("SecureSOAPMessage.decrypt: SOAP HEADER DOC : " + WSSUtils.print(this.wsseHeader));
                    debug.message("SecureSOAPMessage.decrypt: tokenNode from decrypted Security header doc: " + WSSUtils.print(tokenNode));
                    debug.message("SecureSOAPMessage.decrypt: token from current SOAP wsseHeader : " + WSSUtils.print(element3));
                }
                if (element3 != null) {
                    // Move the EncryptedKey to the end of the header, then put the decrypted
                    // token where the EncryptedData was.
                    // NOTE(review): element4 and tokenNode are not null-checked; a header
                    // without EncryptedKey or without a recognised token fails here and is
                    // reported through the generic catch.
                    Element element4 = (Element) this.wsseHeader.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey").item(0);
                    this.wsseHeader.removeChild(element4);
                    this.wsseHeader.appendChild(element4);
                    this.wsseHeader.replaceChild(tokenNode, element3);
                }
            }
            this.soapMessage.saveChanges();
            if (debug.messageEnabled()) {
                debug.message("SecureSOAPMessage.decrypt:*** SOAP PART ***");
                debug.message(WSSUtils.print(this.soapMessage.getSOAPPart()));
            }
        } catch (EncryptionException e2) {
            debug.error("SecureSOAPMessage.decrypt:: Decrypt encryption failed : ", e2);
            LogUtil.error(Level.INFO, LogUtil.UNABLE_TO_DECRYPT, new String[]{e2.getLocalizedMessage()}, null);
            throw new SecurityException(bundle.getString("decryptEncryptionFailed"));
        } catch (Exception e3) {
            debug.error("SecureSOAPMessage.decrypt:: exception : ", e3);
            LogUtil.error(Level.INFO, LogUtil.UNABLE_TO_DECRYPT, new String[]{e3.getLocalizedMessage()}, null);
            throw new SecurityException(bundle.getString("unabletoDecrypt"));
        }
    }

    /**
     * Finds the first direct child of {@code node} that is a recognised security token.
     *
     * <p>Recognised tokens are a SAML 1.x or SAML 2.0 {@code Assertion}, and a WS-Security
     * {@code BinarySecurityToken} or {@code UsernameToken}. Both the local name and the
     * namespace must match, so a same-named element in another namespace is not selected.
     *
     * @param node the parent whose direct children are scanned (in {@code decrypt}, the
     *     imported {@code wsse:Security} header)
     * @return the first matching child, or {@code null} if no child is a recognised token
     * @throws Exception declared by the original signature; no checked exception is raised by
     *     the visible code
     */
    private Node getTokenNode(Node node) throws Exception {
        final String wsseNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        NodeList children = node.getChildNodes();
        for (int idx = 0; idx < children.getLength(); idx++) {
            Node child = children.item(idx);
            String name = child.getLocalName();
            String ns = child.getNamespaceURI();

            boolean samlAssertion = "Assertion".equals(name)
                    && ("urn:oasis:names:tc:SAML:1.0:assertion".equals(ns)
                            || "urn:oasis:names:tc:SAML:2.0:assertion".equals(ns));
            boolean wsseToken = wsseNamespace.equals(ns)
                    && ("BinarySecurityToken".equals(name) || "UsernameToken".equals(name));

            if (samlAssertion || wsseToken) {
                return child;
            }
        }
        return null;
    }

    /**
     * Checks a {@code wsu:Timestamp} element against the current time and records its
     * {@code Created} value in {@code msgTimestamp}.
     *
     * <p>The decision is: with both values present, now must be at or after
     * {@code Created - skew} and before {@code Expires}; with only {@code Expires}, now must be
     * before it; with only {@code Created}, now must be at or after {@code Created - skew};
     * with neither, the timestamp is rejected.
     *
     * <p>NOTE(review): both values are parsed before the null checks in the decision, so the
     * "only one value present" branches are reached only if {@code DateUtils.stringToDate}
     * tolerates {@code null}. If it throws something other than {@code ParseException}, the
     * exception escapes this method instead of returning {@code false}. Confirm, and make the
     * missing-value handling explicit.
     *
     * <p>NOTE(review): the skew is applied to {@code Created} only, and no limit on
     * {@code Expires - Created} is enforced here, so the sender chooses the validity window;
     * replay protection then depends on what callers do with the message id and timestamp.
     *
     * @param element the timestamp element whose element children are inspected
     * @return {@code true} if the timestamp is currently acceptable, {@code false} if it is not
     *     or if a value cannot be parsed
     */
    private boolean validateTimestamp(Element element) {
        String created = null;
        String expires = null;
        NodeList children = element.getChildNodes();
        for (int idx = 0; idx < children.getLength(); idx++) {
            Node child = children.item(idx);
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            String name = child.getLocalName();
            if (WSSConstants.CREATED.equals(name)) {
                created = XMLUtils.getElementValue((Element) child);
            } else if ("Expires".equals(name)) {
                expires = XMLUtils.getElementValue((Element) child);
            }
        }
        try {
            this.msgTimestamp = DateUtils.stringToDate(created).getTime();
            // presumably getTimeSkew() is in milliseconds, like getTime(); verify
            long earliestAccepted = this.msgTimestamp - WSSUtils.getTimeSkew();
            long expiry = DateUtils.stringToDate(expires).getTime();
            long now = new Date().getTime();

            if (created == null) {
                return expires != null && now < expiry;
            }
            if (expires == null) {
                return now >= earliestAccepted;
            }
            return now >= earliestAccepted && now < expiry;
        } catch (ParseException parseFailure) {
            WSSUtils.debug.error("SecureSOAPMessage.validateTimestamp: parsing exception", parseFailure);
            return false;
        }
    }

    /**
     * Adds a sender identity claim to the WS-Addressing {@code From} header of this message.
     *
     * <p>Nothing is done when the message has no SOAP header or no WS-Addressing action
     * element. An existing {@code From} element is reused; otherwise one is created with a
     * fresh {@code wsu:Id}, which is registered for signing only when the configured signed
     * elements include {@code "From"}. The {@code From} element is then placed before the
     * reply-to element, or at the end of the header when there is none.
     *
     * <p>The claim value is added as a DOM text node, so markup characters in it are escaped on
     * serialisation rather than interpreted.
     *
     * <p>NOTE(review): the claim is integrity-protected only if {@code From} is among the
     * signed elements, and a reused {@code From} is not registered for signing here. Also,
     * {@code signingIds} is dereferenced without a null check; it is created lazily in
     * {@code getSigningIds()}, so confirm the call order.
     *
     * @param str the identity value written into the claim element
     */
    public void setSenderIdentity(String str) {
        final String addressingNs = "http://www.w3.org/2005/08/addressing";
        final String xmlnsNs = "http://www.w3.org/2000/xmlns/";
        try {
            SOAPPart part = this.soapMessage.getSOAPPart();
            SOAPHeader header = part.getEnvelope().getHeader();
            if (header == null) {
                return;
            }
            NodeList actions = header.getElementsByTagNameNS(addressingNs, SAML2SDKUtils.ACTION);
            if (actions == null || actions.getLength() == 0) {
                return;
            }

            Element from;
            NodeList existingFrom = header.getElementsByTagNameNS(addressingNs, "From");
            boolean hasFrom = existingFrom != null && existingFrom.getLength() != 0;
            if (hasFrom) {
                from = (Element) existingFrom.item(0);
            } else {
                from = part.createElementNS(addressingNs, "From");
                from.setAttributeNS(xmlnsNs, "xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
                String fromId = SAMLUtils.generateID();
                from.setAttribute("wsu:Id", fromId);
                if (this.signedElements.contains("From")) {
                    this.signingIds.add(fromId);
                }
            }

            Element identity = part.createElementNS(WSSConstants.WSID_NS, WSSConstants.TAG_IDENTITY);
            identity.setAttributeNS(xmlnsNs, WSSConstants.TAG_XML_WSID, WSSConstants.WSID_NS);
            Element dnsClaim = part.createElementNS(WSSConstants.WSID_NS, WSSConstants.TAG_DNSCLAIM);
            dnsClaim.appendChild(part.createTextNode(str));
            identity.appendChild(dnsClaim);
            from.appendChild(identity);

            Element replyTo = (Element) header.getElementsByTagNameNS(addressingNs, WSSConstants.REPLY_TO).item(0);
            header.insertBefore(from, replyTo);
        } catch (SOAPException soapFailure) {
            // Best effort: a SOAP failure is logged and the message is left as it was.
            WSSUtils.debug.error("SecureSOAPMessage.setSenderIdentity: SOAP Exception", soapFailure);
        }
    }

    /**
     * Returns the client DNS claim stored on this message.
     *
     * <p>NOTE(review): where the field is assigned is not visible here. Presumably it is read
     * from the identity claim of an incoming message, in which case it is sender-supplied and
     * should be trusted only if that header was covered by a verified signature. Confirm.
     *
     * @return the value of the {@code clientDnsClaim} field
     */
    public String getClientDnsClaim() {
        return clientDnsClaim;
    }

    /**
     * Sets the names of the message parts that must be signed.
     *
     * <p>The list is stored by reference, not copied. {@code getSigningIds()} treats an empty
     * list as "sign the Body" and otherwise looks for {@code "Body"};
     * {@code setSenderIdentity} looks for {@code "From"}. Both dereference the list without a
     * null check, so passing {@code null} makes them fail.
     *
     * @param list the element names to sign
     */
    public void setSignedElements(List list) {
        signedElements = list;
    }
}
