package org.apache.wss4j.dom.message;

import java.security.Key;
import java.security.KeyException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMCryptoContext;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.WSS4JConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.BinarySecurity;
import org.apache.wss4j.common.token.DOMX509Data;
import org.apache.wss4j.common.token.DOMX509IssuerSerial;
import org.apache.wss4j.common.token.PKIPathSecurity;
import org.apache.wss4j.common.token.Reference;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.message.token.KerberosSecurity;
import org.apache.wss4j.dom.transform.STRTransform;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.xml.security.utils.XMLUtils;
import org.opensaml.security.crypto.JCAConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:WEB-INF/lib/wss4j-ws-security-dom-2.2.2.jar:org/apache/wss4j/dom/message/WSSecSignature.class */
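/**
 * Builds an XML Signature ({@code ds:Signature}) inside the WS-Security header of a SOAP document.
 *
 * <p>The flow implemented by {@link #build(Crypto)} is: {@link #prepare(Crypto)} (resolve the signing
 * certificate, create the canonicalization method and the {@code KeyInfo}), then
 * {@link #addReferencesToSign(List)}, then {@link #computeSignature(List)}, and finally
 * {@link #prependBSTElementToHeader()} when a BinarySecurityToken was created.
 *
 * <p><b>Algorithm defaults (review before use):</b> the constructors set the digest algorithm to
 * {@code http://www.w3.org/2000/09/xmldsig#sha1}, and when no signature algorithm has been set the
 * class selects {@code dsa-sha1} or {@code rsa-sha1} from the certificate's key type. SHA-1 is no
 * longer collision resistant; where the receiving party supports it, set stronger algorithms
 * explicitly with {@link #setDigestAlgo(String)} (for example
 * {@code http://www.w3.org/2001/04/xmlenc#sha256}) and {@link #setSignatureAlgorithm(String)}
 * (for example {@code http://www.w3.org/2001/04/xmldsig-more#rsa-sha256}).
 *
 * <p>All state is kept in plain mutable fields and no synchronization is visible in this class, so
 * treat an instance as single-use and confined to one thread.
 *
 * <p>This listing is decompiler output: the numeric {@code keyIdentifierType} cases below are inlined
 * constants (presumably the key-identifier constants of WSS4J's {@code WSConstants} — confirm against
 * the library source).
 */
public class WSSecSignature extends WSSecSignatureBase {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) WSSecSignature.class);

    /** JSR-105 factory used for every signature object created here; chosen in {@link #init(Provider)}. */
    protected XMLSignatureFactory signatureFactory;
    /** {@code ds:KeyInfo} placed in the signature; built in {@link #prepare(Crypto)} / {@link #marshalKeyInfo(WSDocInfo)}. */
    protected KeyInfo keyInfo;
    /** Canonicalization method for {@code SignedInfo}, created from {@link #canonAlgo} in {@link #prepare(Crypto)}. */
    protected CanonicalizationMethod c14nMethod;
    /** The signature object; {@code null} until {@link #computeSignature(List, boolean, Element)} has run. */
    protected XMLSignature sig;
    /** Symmetric key material; when non-null it is used instead of the private key from {@link #crypto}. */
    protected byte[] secretKey;
    /** Id allocated for the generated SecurityTokenReference. */
    protected String strUri;
    /** BinarySecurityToken element created by {@link #addBST(X509Certificate[])}, or {@code null}. */
    protected Element bstToken;
    /** Id allocated for the {@code KeyInfo} element. */
    protected String keyInfoUri;
    /** Id allocated for the signing certificate's token; set in {@link #getSigningCerts()}. */
    protected String certUri;
    /** Raw signature value captured after signing. */
    protected byte[] signatureValue;
    /** {@code true}: send only the signing certificate; {@code false}: send the chain as an X509PKIPathv1 token. */
    private boolean useSingleCert;
    /** Signature algorithm URI; auto-selected in {@link #getSigningCerts()} when left {@code null}. */
    private String sigAlgo;
    /** Canonicalization algorithm URI; defaults to exclusive C14N without comments. */
    private String canonAlgo;
    private SecurityTokenReference secRef;
    private String customTokenValueType;
    private String customTokenId;
    private String encrKeySha1value;
    private Crypto crypto;
    /** Digest algorithm URI for the references; defaults to SHA-1 (see the class-level note). */
    private String digestAlgo;
    /** Explicit signing certificate; when set, the {@link Crypto} alias lookup is skipped. */
    private X509Certificate useThisCert;
    /** Set by {@link #setSecurityTokenReference(SecurityTokenReference)}; suppresses generation of {@link #secRef}. */
    private boolean useCustomSecRef;
    /** Guards against inserting {@link #bstToken} into the header more than once. */
    private boolean bstAddedToSecurityHeader;
    /** When {@code true}, key identifier types 2, 4 and 8 additionally emit the certificate as a BinarySecurityToken. */
    private boolean includeSignatureToken;
    /** When {@code true} and exclusive C14N is in use, an InclusiveNamespaces prefix list is added. */
    private boolean addInclusivePrefixes;
    /** Caller-supplied element whose children become the {@code KeyInfo} content. */
    private Element customKeyInfoElement;

    /**
     * Creates a signature builder bound to an existing security header, using the default
     * XML Signature provider lookup of {@link #init(Provider)}.
     *
     * @param wSSecHeader the security header the signature will be added to
     */
    public WSSecSignature(WSSecHeader wSSecHeader) {
        super(wSSecHeader);
        this.useSingleCert = true;
        this.canonAlgo = "http://www.w3.org/2001/10/xml-exc-c14n#";
        // SHA-1 digest by default; override with setDigestAlgo(...) where the peer allows it.
        this.digestAlgo = "http://www.w3.org/2000/09/xmldsig#sha1";
        this.addInclusivePrefixes = true;
        init(null);
    }

    /**
     * Creates a signature builder for the given document with the default provider lookup.
     *
     * @param document the SOAP document to sign
     */
    public WSSecSignature(Document document) {
        this(document, null);
    }

    /**
     * Creates a signature builder for the given document.
     *
     * @param document the SOAP document to sign
     * @param provider JCA provider for the XML Signature factory, or {@code null} for the default lookup
     */
    public WSSecSignature(Document document, Provider provider) {
        super(document);
        this.useSingleCert = true;
        this.canonAlgo = "http://www.w3.org/2001/10/xml-exc-c14n#";
        // SHA-1 digest by default; override with setDigestAlgo(...) where the peer allows it.
        this.digestAlgo = "http://www.w3.org/2000/09/xmldsig#sha1";
        this.addInclusivePrefixes = true;
        init(provider);
    }

    /**
     * Selects the {@link XMLSignatureFactory}. An explicit provider wins; otherwise the provider
     * registered as {@code "ApacheXMLDSig"} is requested, and if it is not registered the platform
     * default DOM factory is used. The implementation that ends up signing therefore depends on
     * which providers are installed in the JVM.
     *
     * @param provider provider to use, or {@code null}
     */
    private void init(Provider provider) {
        if (provider != null) {
            this.signatureFactory = XMLSignatureFactory.getInstance("DOM", provider);
            return;
        }
        try {
            this.signatureFactory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
        } catch (NoSuchProviderException e) {
            // Deliberate fallback: "ApacheXMLDSig" is not registered, use the default DOM factory.
            this.signatureFactory = XMLSignatureFactory.getInstance("DOM");
        }
    }

    /**
     * Prepares everything needed for signing without producing the signature: resolves the signing
     * certificate(s), creates the canonicalization method, allocates ids and builds the
     * SecurityTokenReference / {@code KeyInfo} according to {@code keyIdentifierType} (a field
     * inherited from a superclass).
     *
     * <p>When a custom SecurityTokenReference or a custom KeyInfo element has been supplied, no
     * SecurityTokenReference is generated here.
     *
     * @param crypto source of certificates and private keys; may only be {@code null} when the
     *               certificate lookup through it is not needed (see {@link #getSigningCerts()})
     * @throws WSSecurityException if certificates cannot be resolved, or — wrapped as
     *         {@code FAILED_SIGNATURE} / {@code "noXMLSig"} — for any failure inside the preparation block
     */
    public void prepare(Crypto crypto) throws WSSecurityException {
        this.crypto = crypto;
        WSDocInfo wsDocInfo = getWsDocInfo();
        if (wsDocInfo == null) {
            wsDocInfo = new WSDocInfo(getDocument());
            super.setWsDocInfo(wsDocInfo);
        }
        wsDocInfo.setCrypto(crypto);
        // Also sets certUri and, when unset, sigAlgo (see getSigningCerts()). Null for types 9-12.
        X509Certificate[] signingCerts = getSigningCerts();
        try {
            ExcC14NParameterSpec excC14NParameterSpec = null;
            // The InclusiveNamespaces prefix list only applies to exclusive canonicalization.
            if (this.addInclusivePrefixes && this.canonAlgo.equals("http://www.w3.org/2001/10/xml-exc-c14n#")) {
                excC14NParameterSpec = new ExcC14NParameterSpec(getInclusivePrefixes(getSecurityHeader().getSecurityHeaderElement(), false));
            }
            this.c14nMethod = this.signatureFactory.newCanonicalizationMethod(this.canonAlgo, excC14NParameterSpec);
            this.keyInfoUri = getIdAllocator().createSecureId("KI-", this.keyInfo);
            if (!this.useCustomSecRef && this.customKeyInfoElement == null) {
                this.secRef = new SecurityTokenReference(getDocument());
                this.strUri = getIdAllocator().createSecureId("STR-", this.secRef);
                this.secRef.addWSSENamespace();
                this.secRef.addWSUNamespace();
                this.secRef.setID(this.strUri);
                switch (this.keyIdentifierType) {
                    case 1:
                        // Direct reference ("#" + certUri) to a BinarySecurityToken holding the
                        // certificate, or the whole chain as a PKIPath when useSingleCert is false.
                        Reference reference = new Reference(getDocument());
                        reference.setURI("#" + this.certUri);
                        addBST(signingCerts);
                        if (this.useSingleCert) {
                            reference.setValueType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
                        } else {
                            this.secRef.addTokenType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1");
                            reference.setValueType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1");
                        }
                        this.secRef.setReference(reference);
                        break;
                    case 2:
                        // X509Data / X509IssuerSerial: the certificate is identified by issuer name and serial number.
                        this.secRef.setUnknownElement(new DOMX509Data(getDocument(), new DOMX509IssuerSerial(getDocument(), signingCerts[0].getIssuerX500Principal().getName(), signingCerts[0].getSerialNumber())).getElement());
                        if (this.includeSignatureToken) {
                            addBST(signingCerts);
                            break;
                        }
                        break;
                    case 3:
                        // Key identifier computed from the certificate by SecurityTokenReference.
                        this.secRef.setKeyIdentifier(signingCerts[0]);
                        break;
                    case 4:
                        // Subject Key Identifier of the certificate.
                        this.secRef.setKeyIdentifierSKI(signingCerts[0], this.crypto);
                        if (this.includeSignatureToken) {
                            addBST(signingCerts);
                            break;
                        }
                        break;
                    case 5:
                    case 6:
                    case 7:
                    default:
                        // Not usable for signatures. Note this exception is re-wrapped by the outer catch below.
                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "unsupportedKeyId");
                    case 8:
                        // Certificate thumbprint.
                        this.secRef.setKeyIdentifierThumb(signingCerts[0]);
                        if (this.includeSignatureToken) {
                            addBST(signingCerts);
                            break;
                        }
                        break;
                    case 9:
                        // Reference to a caller-supplied token by fragment id ("#" + customTokenId).
                        // For the SAMLID value type only the TokenType is set; no ValueType is written.
                        Reference reference2 = new Reference(getDocument());
                        if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(this.customTokenValueType)) {
                            this.secRef.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
                            reference2.setValueType(this.customTokenValueType);
                        } else if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID".equals(this.customTokenValueType)) {
                            this.secRef.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
                        } else if ("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey".equals(this.customTokenValueType)) {
                            this.secRef.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
                            reference2.setValueType(this.customTokenValueType);
                        } else if (KerberosSecurity.isKerberosToken(this.customTokenValueType)) {
                            this.secRef.addTokenType(this.customTokenValueType);
                            reference2.setValueType(this.customTokenValueType);
                        } else {
                            reference2.setValueType(this.customTokenValueType);
                        }
                        reference2.setURI("#" + this.customTokenId);
                        this.secRef.setReference(reference2);
                        break;
                    case 10:
                        // EncryptedKeySHA1 identifier: use the supplied value, otherwise a digest of the secret key.
                        // NOTE(review): the digest algorithm of KeyUtils.generateDigest is not visible here;
                        // the identifier name implies SHA-1 — confirm.
                        if (this.encrKeySha1value != null) {
                            this.secRef.setKeyIdentifierEncKeySHA1(this.encrKeySha1value);
                        } else {
                            this.secRef.setKeyIdentifierEncKeySHA1(XMLUtils.encodeToString(KeyUtils.generateDigest(this.secretKey)));
                        }
                        this.secRef.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
                        break;
                    case 11:
                        // Same as case 9, except customTokenId is used verbatim as the URI (no "#" prefix).
                        Reference reference3 = new Reference(getDocument());
                        if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(this.customTokenValueType)) {
                            this.secRef.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
                            reference3.setValueType(this.customTokenValueType);
                        } else if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID".equals(this.customTokenValueType)) {
                            this.secRef.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
                        } else if ("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey".equals(this.customTokenValueType)) {
                            this.secRef.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
                            reference3.setValueType(this.customTokenValueType);
                        } else if (KerberosSecurity.isKerberosToken(this.customTokenValueType)) {
                            this.secRef.addTokenType(this.customTokenValueType);
                            reference3.setValueType(this.customTokenValueType);
                        } else {
                            reference3.setValueType(this.customTokenValueType);
                        }
                        reference3.setURI(this.customTokenId);
                        this.secRef.setReference(reference3);
                        break;
                    case 12:
                        // Key identifier pointing at a caller-supplied token. Only the five value types
                        // tested below are handled; any other value leaves secRef without a key identifier.
                        if (!"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(this.customTokenValueType)) {
                            if (!"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID".equals(this.customTokenValueType)) {
                                if (!"http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey".equals(this.customTokenValueType)) {
                                    if (!"http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1".equals(this.customTokenValueType)) {
                                        if ("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1".equals(this.customTokenValueType)) {
                                            this.secRef.setKeyIdentifier(this.customTokenValueType, this.customTokenId, true);
                                            this.secRef.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ");
                                            break;
                                        }
                                    } else {
                                        this.secRef.setKeyIdentifier(this.customTokenValueType, this.customTokenId, true);
                                        this.secRef.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
                                        break;
                                    }
                                } else {
                                    this.secRef.setKeyIdentifier(this.customTokenValueType, this.customTokenId, true);
                                    this.secRef.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
                                    break;
                                }
                            } else {
                                this.secRef.setKeyIdentifier(this.customTokenValueType, this.customTokenId);
                                this.secRef.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
                                break;
                            }
                        } else {
                            this.secRef.setKeyIdentifier(this.customTokenValueType, this.customTokenId);
                            this.secRef.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
                            break;
                        }
                        break;
                    case 13:
                        // KeyValue: the bare public key goes into KeyInfo. KeyInfo is built right here,
                        // which is why marshalKeyInfo(...) is skipped for this type below.
                        PublicKey publicKey = signingCerts[0].getPublicKey();
                        try {
                            KeyInfoFactory keyInfoFactory = this.signatureFactory.getKeyInfoFactory();
                            this.keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newKeyValue(publicKey)), this.keyInfoUri);
                            break;
                        } catch (KeyException e) {
                            LOG.error("", (Throwable) e);
                            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, e, "noXMLSig");
                        }
                }
            }
            if (this.keyIdentifierType != 13) {
                marshalKeyInfo(wsDocInfo);
            }
        } catch (Exception e2) {
            // NOTE(review): this catch-all also intercepts the WSSecurityException instances thrown
            // inside the block (unsupported key identifier, addBST failures), so callers always see
            // FAILED_SIGNATURE / "noXMLSig" with the original exception as the cause.
            LOG.error("", (Throwable) e2);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, e2, "noXMLSig");
        }
    }

    /**
     * Builds {@link #keyInfo} from either the generated/custom SecurityTokenReference or, when a
     * custom KeyInfo element was supplied, from each child node of that element.
     *
     * <p>Decompiler note: the tool reported that this method was originally {@code protected} and
     * that type inference for the content list failed. The list is declared here as
     * {@code List<DOMStructure>}, because the decompiled {@code ArrayList} local was assigned the
     * result of {@link Collections#singletonList(Object)}, which does not compile.
     *
     * @param wSDocInfo document info that records the SecurityTokenReference element as a token element
     * @throws WSSecurityException declared for callers; nothing in this body throws it directly
     */
    public void marshalKeyInfo(WSDocInfo wSDocInfo) throws WSSecurityException {
        List<DOMStructure> keyInfoContent;
        if (this.customKeyInfoElement == null) {
            DOMStructure dOMStructure = new DOMStructure(this.secRef.getElement());
            wSDocInfo.addTokenElement(this.secRef.getElement(), false);
            keyInfoContent = Collections.singletonList(dOMStructure);
        } else {
            keyInfoContent = new ArrayList<>();
            // Every child node of the custom element (not only element nodes) becomes KeyInfo content.
            for (Node firstChild = this.customKeyInfoElement.getFirstChild(); firstChild != null; firstChild = firstChild.getNextSibling()) {
                keyInfoContent.add(new DOMStructure(firstChild));
            }
        }
        this.keyInfo = this.signatureFactory.getKeyInfoFactory().newKeyInfo(keyInfoContent, this.keyInfoUri);
    }

    /**
     * Signs the document in one call: prepares, resolves the parts to sign, computes the signature
     * and inserts the BinarySecurityToken (if any) at the front of the security header.
     *
     * <p>When no parts were configured, the default part returned by
     * {@code WSSecurityUtil.getDefaultEncryptionPart} is signed. Which elements that covers is not
     * visible here; verify that it matches what the receiver requires to be signed, since content
     * outside the signed parts is not integrity protected.
     *
     * @param crypto source of the signing certificate and private key
     * @return the signed document (the same instance this builder was created for)
     * @throws WSSecurityException if preparation or signing fails
     */
    public Document build(Crypto crypto) throws WSSecurityException {
        LOG.debug("Beginning signing...");
        prepare(crypto);
        if (getParts().isEmpty()) {
            getParts().add(WSSecurityUtil.getDefaultEncryptionPart(getDocument()));
        } else {
            for (WSEncryptionPart wSEncryptionPart : getParts()) {
                if (wSEncryptionPart.getId() == null && "STRTransform".equals(wSEncryptionPart.getName())) {
                    // An id-less "STRTransform" part refers to the SecurityTokenReference generated in prepare().
                    wSEncryptionPart.setId(this.strUri);
                } else if ("KeyInfo".equals(wSEncryptionPart.getName()) && "http://www.w3.org/2000/09/xmldsig#".equals(wSEncryptionPart.getNamespace()) && wSEncryptionPart.getElement() == null) {
                    // Signing ds:KeyInfo itself: hand over the marshalled element, which is not in the document yet.
                    wSEncryptionPart.setElement(getKeyInfoElement());
                }
            }
        }
        computeSignature(addReferencesToSign(getParts()));
        if (this.bstToken != null) {
            prependBSTElementToHeader();
        }
        return getDocument();
    }

    /**
     * Creates the signature references for the given parts by delegating to the inherited
     * overload with this instance's document, factory, prefix setting and digest algorithm.
     *
     * @param list the parts to sign
     * @return the references to pass to {@link #computeSignature(List)}
     * @throws WSSecurityException if a reference cannot be created
     */
    public List<javax.xml.crypto.dsig.Reference> addReferencesToSign(List<WSEncryptionPart> list) throws WSSecurityException {
        return addReferencesToSign(getDocument(), list, getWsDocInfo(), this.signatureFactory, this.addInclusivePrefixes, this.digestAlgo);
    }

    /**
     * Looks up the {@code ds:Signature} element that is a direct child of the security header.
     *
     * @return the result of the direct-child lookup for {@code Signature} in the XML Signature namespace
     */
    public Element getSignatureElement() {
        return org.apache.wss4j.common.util.XMLUtils.getDirectChildElement(getSecurityHeader().getSecurityHeaderElement(), "Signature", "http://www.w3.org/2000/09/xmldsig#");
    }

    /**
     * Creates the BinarySecurityToken for the signing certificate (or the certificate chain as a
     * PKIPath when {@link #useSingleCert} is false) and registers it with the document info. The
     * token is not inserted into the header here; see {@link #prependBSTElementToHeader()} and
     * {@link #appendBSTElementToHeader()}.
     *
     * <p>With {@code storeBytesInAttachment} (inherited) the encoded bytes are handed to
     * {@code WSSecurityUtil.storeBytesInAttachment} instead of being embedded in the token element.
     *
     * @param x509CertificateArr signing certificate(s); element 0 is the signing certificate
     * @throws WSSecurityException if the certificate cannot be encoded
     */
    private void addBST(X509Certificate[] x509CertificateArr) throws WSSecurityException {
        BinarySecurity x509Security;
        byte[] encoded;
        if (this.storeBytesInAttachment) {
            this.bstToken = getDocument().createElementNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "wsse:BinarySecurityToken");
            this.bstToken.setAttributeNS(null, "EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
            this.bstToken.setAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "wsu:Id", this.certUri);
            if (this.useSingleCert) {
                this.bstToken.setAttributeNS(null, "ValueType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
                try {
                    encoded = x509CertificateArr[0].getEncoded();
                } catch (CertificateEncodingException e) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, e, "encodeError");
                }
            } else {
                this.bstToken.setAttributeNS(null, "ValueType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1");
                encoded = this.crypto.getBytesFromCertificates(x509CertificateArr);
            }
            WSSecurityUtil.storeBytesInAttachment(this.bstToken, getDocument(), getIdAllocator().createId("", getDocument()), encoded, this.attachmentCallbackHandler);
            getWsDocInfo().addTokenElement(this.bstToken, false);
        } else {
            if (this.useSingleCert) {
                x509Security = new X509Security(getDocument());
                ((X509Security) x509Security).setX509Certificate(x509CertificateArr[0]);
            } else {
                x509Security = new PKIPathSecurity(getDocument());
                ((PKIPathSecurity) x509Security).setX509Certificates(x509CertificateArr, this.crypto);
            }
            x509Security.setID(this.certUri);
            this.bstToken = x509Security.getElement();
            getWsDocInfo().addTokenElement(this.bstToken, false);
        }
        // A fresh token has not been placed in the header yet.
        this.bstAddedToSecurityHeader = false;
    }

    /**
     * Inserts the BinarySecurityToken as the first child of the security header. Does nothing when
     * there is no token or it has already been added.
     */
    public void prependBSTElementToHeader() {
        if (this.bstToken == null || this.bstAddedToSecurityHeader) {
            return;
        }
        WSSecurityUtil.prependChildElement(getSecurityHeader().getSecurityHeaderElement(), this.bstToken);
        this.bstAddedToSecurityHeader = true;
    }

    /**
     * Appends the BinarySecurityToken as the last child of the security header. Does nothing when
     * there is no token or it has already been added.
     */
    public void appendBSTElementToHeader() {
        if (this.bstToken == null || this.bstAddedToSecurityHeader) {
            return;
        }
        getSecurityHeader().getSecurityHeaderElement().appendChild(this.bstToken);
        this.bstAddedToSecurityHeader = true;
    }

    /**
     * Computes the signature over the given references and places it before the first element
     * child of the security header.
     *
     * @param list the references to sign
     * @throws WSSecurityException if signing fails
     */
    public void computeSignature(List<javax.xml.crypto.dsig.Reference> list) throws WSSecurityException {
        computeSignature(list, true, null);
    }

    /**
     * Computes the signature over the given references and inserts the {@code ds:Signature}
     * element into the security header.
     *
     * <p>The signing key is the symmetric {@link #secretKey} when one was set, otherwise the private
     * key obtained from the {@link Crypto} for the inherited {@code user} / {@code password}.
     *
     * @param list    the references to sign
     * @param z       {@code true} to insert the signature before {@code element} (or, when that is
     *                {@code null}, before the first element child of the header); {@code false} to
     *                add it with the two-argument {@link DOMSignContext} constructor, i.e. as the
     *                last child of the header
     * @param element the sibling to insert before, or {@code null}; ignored when {@code z} is false
     * @throws WSSecurityException with {@code FAILED_SIGNATURE} wrapping any failure during signing
     */
    public void computeSignature(List<javax.xml.crypto.dsig.Reference> list, boolean z, Element element) throws WSSecurityException {
        DOMSignContext dOMSignContext;
        try {
            Key privateKey = this.secretKey == null ? this.crypto.getPrivateKey(this.user, this.password) : KeyUtils.prepareSecretKey(this.sigAlgo, this.secretKey);
            this.sig = this.signatureFactory.newXMLSignature(this.signatureFactory.newSignedInfo(this.c14nMethod, this.signatureFactory.newSignatureMethod(this.sigAlgo, (SignatureMethodParameterSpec) null), list), this.keyInfo, (List) null, getIdAllocator().createId("SIG-", null), (String) null);
            Element securityHeaderElement = getSecurityHeader().getSecurityHeaderElement();
            if (z) {
                if (element == null) {
                    // Skip text/comment nodes: node type 1 is Node.ELEMENT_NODE.
                    Node firstChild = securityHeaderElement.getFirstChild();
                    while (firstChild != null && firstChild.getNodeType() != 1) {
                        firstChild = firstChild.getNextSibling();
                    }
                    element = (Element) firstChild;
                }
                // An empty header has no sibling to insert before, so the signature is simply added to it.
                dOMSignContext = element == null ? new DOMSignContext(privateKey, securityHeaderElement) : new DOMSignContext(privateKey, securityHeaderElement, element);
            } else {
                dOMSignContext = new DOMSignContext(privateKey, securityHeaderElement);
            }
            dOMSignContext.putNamespacePrefix("http://www.w3.org/2000/09/xmldsig#", "ds");
            if ("http://www.w3.org/2001/10/xml-exc-c14n#".equals(this.canonAlgo)) {
                dOMSignContext.putNamespacePrefix("http://www.w3.org/2001/10/xml-exc-c14n#", WSS4JConstants.C14N_EXCL_OMIT_COMMENTS_PREFIX);
            }
            // The STR transform resolves referenced tokens through the WSDocInfo stored on the context.
            dOMSignContext.setProperty(STRTransform.TRANSFORM_WS_DOC_INFO, getWsDocInfo());
            getWsDocInfo().setCallbackLookup(this.callbackLookup);
            getWsDocInfo().setTokensOnContext(dOMSignContext);
            this.sig.sign(dOMSignContext);
            this.signatureValue = this.sig.getSignatureValue().getValue();
            cleanup();
        } catch (Exception e) {
            LOG.error(e.getMessage(), (Throwable) e);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, e);
        }
    }

    /**
     * @param z {@code true} to send only the signing certificate, {@code false} to send the chain as a PKIPath
     */
    public void setUseSingleCertificate(boolean z) {
        this.useSingleCert = z;
    }

    /** @return whether only the signing certificate (rather than the chain) is sent */
    public boolean isUseSingleCertificate() {
        return this.useSingleCert;
    }

    /**
     * Sets the signature algorithm URI. Setting it explicitly also disables the automatic
     * {@code rsa-sha1} / {@code dsa-sha1} selection in {@link #getSigningCerts()}. The value is
     * stored as given and is not validated here.
     *
     * @param str the signature algorithm URI
     */
    public void setSignatureAlgorithm(String str) {
        this.sigAlgo = str;
    }

    /** @return the signature algorithm URI, or {@code null} if none has been set or detected yet */
    public String getSignatureAlgorithm() {
        return this.sigAlgo;
    }

    /**
     * Sets the canonicalization algorithm URI for {@code SignedInfo}. The value is stored as given.
     *
     * @param str the canonicalization algorithm URI
     */
    public void setSigCanonicalization(String str) {
        this.canonAlgo = str;
    }

    /** @return the canonicalization algorithm URI */
    public String getSigCanonicalization() {
        return this.canonAlgo;
    }

    /** @return the digest algorithm URI used for the references (SHA-1 unless changed) */
    public String getDigestAlgo() {
        return this.digestAlgo;
    }

    /**
     * Sets the digest algorithm URI used for the references. The value is stored as given and is
     * not validated here; the default set by the constructors is SHA-1.
     *
     * @param str the digest algorithm URI
     */
    public void setDigestAlgo(String str) {
        this.digestAlgo = str;
    }

    /**
     * @return the signature value captured by the last signing run, or {@code null}; this is the
     *         stored array itself, not a copy, so callers should not modify it
     */
    public byte[] getSignatureValue() {
        return this.signatureValue;
    }

    /**
     * Marshals {@link #keyInfo} into a detached temporary element and returns the resulting
     * {@code ds:KeyInfo} element. Requires that {@link #prepare(Crypto)} has built the KeyInfo.
     *
     * @return the marshalled KeyInfo element (first child of the temporary parent)
     * @throws WSSecurityException with {@code FAILED_SIGNATURE} if marshalling fails
     */
    public Element getKeyInfoElement() throws WSSecurityException {
        Element createElement = getDocument().createElement("temp");
        // Empty anonymous subclass: DOMCryptoContext is instantiated only to carry the namespace prefix.
        DOMCryptoContext dOMCryptoContext = new DOMCryptoContext() {
        };
        dOMCryptoContext.putNamespacePrefix("http://www.w3.org/2000/09/xmldsig#", "ds");
        try {
            this.keyInfo.marshal(new DOMStructure(createElement), dOMCryptoContext);
            return (Element) createElement.getFirstChild();
        } catch (MarshalException e) {
            LOG.error(e.getMessage(), (Throwable) e);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, (Exception) e);
        }
    }

    /** @return the id of the signature, or {@code null} if no signature has been computed yet */
    public String getId() {
        if (this.sig == null) {
            return null;
        }
        return this.sig.getId();
    }

    /** @return the {@code wsu:Id} of the BinarySecurityToken, or {@code null} if no token was created */
    public String getBSTTokenId() {
        if (this.bstToken == null) {
            return null;
        }
        return this.bstToken.getAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
    }

    /**
     * Sets symmetric key material to sign with instead of a private key. The array is stored by
     * reference (no defensive copy), so later changes by the caller — including zeroing it — affect
     * this instance.
     *
     * @param bArr the secret key bytes
     */
    public void setSecretKey(byte[] bArr) {
        this.secretKey = bArr;
    }

    /** @param str the value type URI of the custom token referenced by key identifier types 9, 11 and 12 */
    public void setCustomTokenValueType(String str) {
        this.customTokenValueType = str;
    }

    /** @param str the id of the custom token referenced by key identifier types 9, 11 and 12 */
    public void setCustomTokenId(String str) {
        this.customTokenId = str;
    }

    /** @return the id of the custom token */
    public String getCustomTokenId() {
        return this.customTokenId;
    }

    /** @param str precomputed EncryptedKeySHA1 value used by key identifier type 10 instead of digesting the secret key */
    public void setEncrKeySha1value(String str) {
        this.encrKeySha1value = str;
    }

    /** @param x509Certificate certificate to sign with; bypasses the alias lookup in the {@link Crypto} */
    public void setX509Certificate(X509Certificate x509Certificate) {
        this.useThisCert = x509Certificate;
    }

    /** @return the BinarySecurityToken element, or {@code null} if none was created */
    public Element getBinarySecurityTokenElement() {
        return this.bstToken;
    }

    /** @return the id allocated for the generated SecurityTokenReference, or {@code null} */
    public String getSecurityTokenReferenceURI() {
        return this.strUri;
    }

    /** @return the SecurityTokenReference in use (generated or caller-supplied), or {@code null} */
    public SecurityTokenReference getSecurityTokenReference() {
        return this.secRef;
    }

    /**
     * Supplies a ready-made SecurityTokenReference. After this call {@link #prepare(Crypto)} no
     * longer generates one and uses the given reference for the KeyInfo as is.
     *
     * @param securityTokenReference the reference to use
     */
    public void setSecurityTokenReference(SecurityTokenReference securityTokenReference) {
        this.useCustomSecRef = true;
        this.secRef = securityTokenReference;
    }

    /**
     * Resolves the signing certificate(s) for the certificate-based key identifier types.
     *
     * <p>For key identifier types 9, 10, 11 and 12 nothing is resolved and {@code null} is returned;
     * in that case the signature algorithm is also left exactly as the caller set it. Otherwise the
     * explicit certificate is used if present, else the certificates stored under the alias
     * {@code user} in the {@link Crypto}. As side effects this sets {@link #certUri} and, when no
     * signature algorithm was configured, picks one from the key type.
     *
     * <p>The automatic choice is limited to {@code dsa-sha1} and {@code rsa-sha1}, both SHA-1
     * based, and any other key type (for example an EC key) is rejected. Configure the algorithm
     * explicitly with {@link #setSignatureAlgorithm(String)} to avoid both limitations.
     *
     * @return the signing certificates, or {@code null} for key identifier types 9-12
     * @throws WSSecurityException if no {@link Crypto} is available, no certificate is found, or the
     *         key type has no automatic algorithm mapping
     */
    private X509Certificate[] getSigningCerts() throws WSSecurityException {
        X509Certificate[] x509CertificateArr = null;
        if (this.keyIdentifierType != 9 && this.keyIdentifierType != 11 && this.keyIdentifierType != 10 && this.keyIdentifierType != 12) {
            if (this.useThisCert == null) {
                CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
                cryptoType.setAlias(this.user);
                if (this.crypto == null) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile");
                }
                x509CertificateArr = this.crypto.getX509Certificates(cryptoType);
            } else {
                x509CertificateArr = new X509Certificate[]{this.useThisCert};
            }
            if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noUserCertsFound", new Object[]{this.user, "signature"});
            }
            this.certUri = getIdAllocator().createSecureId("X509-", x509CertificateArr[0]);
            if (this.sigAlgo == null) {
                String algorithm = x509CertificateArr[0].getPublicKey().getAlgorithm();
                LOG.debug("Automatic signature algorithm detection: {}", algorithm);
                // Both automatic choices use SHA-1; set the algorithm explicitly for anything stronger.
                if (algorithm.equalsIgnoreCase(JCAConstants.KEY_ALGO_DSA)) {
                    this.sigAlgo = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
                } else {
                    if (!algorithm.equalsIgnoreCase(JCAConstants.KEY_ALGO_RSA)) {
                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "unknownSignatureAlgorithm", new Object[]{algorithm});
                    }
                    this.sigAlgo = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
                }
            }
        }
        return x509CertificateArr;
    }

    /** @return whether key identifier types 2, 4 and 8 also emit the certificate as a BinarySecurityToken */
    public boolean isIncludeSignatureToken() {
        return this.includeSignatureToken;
    }

    /** @param z {@code true} to also emit the certificate as a BinarySecurityToken for key identifier types 2, 4 and 8 */
    public void setIncludeSignatureToken(boolean z) {
        this.includeSignatureToken = z;
    }

    /** @return whether an InclusiveNamespaces prefix list is added for exclusive canonicalization */
    public boolean isAddInclusivePrefixes() {
        return this.addInclusivePrefixes;
    }

    /** @param z {@code true} to add an InclusiveNamespaces prefix list for exclusive canonicalization */
    public void setAddInclusivePrefixes(boolean z) {
        this.addInclusivePrefixes = z;
    }

    /**
     * Supplies an element whose child nodes are used as the KeyInfo content. When set,
     * {@link #prepare(Crypto)} does not generate a SecurityTokenReference.
     *
     * @param element the element holding the custom KeyInfo content
     */
    public void setCustomKeyInfoElement(Element element) {
        this.customKeyInfoElement = element;
    }

    /** @return the custom KeyInfo content element, or {@code null} */
    public Element getCustomKeyInfoElement() {
        return this.customKeyInfoElement;
    }
}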
