}
byte[] secretKey = null;
switch (keyIdentifierType) {
case WSConstants.BST_DIRECT_REFERENCE:
Reference ref = new Reference(doc);
ref.setURI("#" + certUri);
BinarySecurity bstToken = null;
if (!useSingleCert) {
bstToken = new PKIPathSecurity(doc);
((PKIPathSecurity) bstToken).setX509Certificates(certs, false,
crypto);
} else {
bstToken = new X509Security(doc);
((X509Security) bstToken).setX509Certificate(certs[0]);
}
ref.setValueType(bstToken.getValueType());
secRef.setReference(ref);
bstToken.setID(certUri);
WSSecurityUtil.prependChildElement(doc, securityHeader, bstToken
.getElement(), false);
wsDocInfo.setBst(bstToken.getElement());
break;
case WSConstants.ISSUER_SERIAL:
XMLX509IssuerSerial data = new XMLX509IssuerSerial(doc, certs[0]);
X509Data x509Data = new X509Data(doc);
x509Data.add(data);
secRef.setX509IssuerSerial(x509Data);
break;
case WSConstants.X509_KEY_IDENTIFIER:
secRef.setKeyIdentifier(certs[0]);
break;
case WSConstants.SKI_KEY_IDENTIFIER:
secRef.setKeyIdentifierSKI(certs[0], crypto);
break;
case WSConstants.UT_SIGNING:
Reference refUt = new Reference(doc);
refUt.setValueType(WSConstants.USERNAMETOKEN_NS + "#UsernameToken");
String utId = usernameToken.getId();
if (utId == null) {
utId = "usernameTokenId-" + usernameToken.hashCode();
usernameToken.setId(utId);
}
refUt.setURI("#" + utId);
secRef.setReference(refUt);
secretKey = usernameToken.getSecretKey();
break;
case WSConstants.THUMBPRINT_IDENTIFIER: