// get the key wrap algorithm.
URI keyWrapAlgo = request.getKeyWrapAlgorithm();
// create proof-of-possession token and server entropy (if needed).
RequestedProofTokenType requestedProofToken = null;
EntropyType serverEntropy = null;
if (WSTrustConstants.KEY_TYPE_SYMMETRIC.equalsIgnoreCase(keyType.toString()))
{
// symmetric key case: if client entropy is found, compute a key. If not, generate a new key.
requestedProofToken = new RequestedProofTokenType();
ObjectFactory objFactory = new ObjectFactory();
byte[] clientSecret = null;
EntropyType clientEntropy = request.getEntropy();
if (clientEntropy != null)
clientSecret = WSTrustUtil.getBinarySecret(clientEntropy);
byte[] serverSecret = WSTrustUtil.createRandomSecret((int) keySize / 8);
BinarySecretType serverBinarySecret = new BinarySecretType();
serverBinarySecret.setType(WSTrustConstants.BS_TYPE_NONCE);
serverBinarySecret.setValue(serverSecret);
serverEntropy = new EntropyType();
serverEntropy.getAny().add(objFactory.createBinarySecret(serverBinarySecret));
if (clientSecret != null && clientSecret.length != 0)
{
// client secret has been specified - combine it with the sts secret.