QName el = new QName(token.getNamespaceURI(), token.getLocalName());
if (el.equals(WSSecurityEngine.BINARY_TOKEN)) {
Processor proc = data.getWssConfig().getProcessor(WSSecurityEngine.BINARY_TOKEN);
List<WSSecurityEngineResult> bstResult =
proc.handleToken(token, data, wsDocInfo);
BinarySecurity bstToken =
(BinarySecurity)bstResult.get(0).get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
if (bspCompliant) {
BSPEnforcer.checkBinarySecurityBSPCompliance(secRef, bstToken);
}
secretKey = (byte[])bstResult.get(0).get(WSSecurityEngineResult.TAG_SECRET);
}
}
if (secretKey == null) {
throw new WSSecurityException(
WSSecurityException.FAILED_CHECK, "unsupportedKeyId", new Object[] {uri}
);
}
} else if (secRef.containsKeyIdentifier()) {
String valueType = secRef.getKeyIdentifierValueType();
if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(valueType)
|| WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(valueType)) {
AssertionWrapper assertion =
SAMLUtil.getAssertionFromKeyIdentifier(
secRef, strElement,
data, wsDocInfo
);
secretKey =
getSecretKeyFromAssertion(assertion, secRef, data, wsDocInfo, bspCompliant);
} else if (WSConstants.WSS_KRB_KI_VALUE_TYPE.equals(valueType)) {
secretKey =
getSecretKeyFromToken(secRef.getKeyIdentifierValue(), valueType, data);
if (secretKey == null) {
byte[] keyBytes = secRef.getSKIBytes();
List<WSSecurityEngineResult> resultsList =
wsDocInfo.getResultsByTag(WSConstants.BST);
for (WSSecurityEngineResult bstResult : resultsList) {
BinarySecurity bstToken =
(BinarySecurity)bstResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
byte[] tokenDigest = WSSecurityUtil.generateDigest(bstToken.getToken());
if (Arrays.equals(tokenDigest, keyBytes)) {
secretKey = (byte[])bstResult.get(WSSecurityEngineResult.TAG_SECRET);
break;
}
}