package weblogic.webservice.core.handler;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.HandlerInfo;
import javax.xml.rpc.handler.MessageContext;
import javax.xml.rpc.soap.SOAPFaultException;
import javax.xml.soap.SOAPException;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.utils.AssertionError;
import weblogic.utils.CharsetMap;
import weblogic.utils.Debug;
import weblogic.webservice.GenericHandler;
import weblogic.webservice.Operation;
import weblogic.webservice.WLMessageContext;
import weblogic.webservice.WLSOAPPart;
import weblogic.webservice.context.WebServiceContext;
import weblogic.webservice.context.WebServiceSession;
import weblogic.webservice.core.soap.SOAPMessageImpl;
import weblogic.webservice.server.AuthorizationContext;
import weblogic.webservice.server.ConfigException;
import weblogic.webservice.server.Dispatcher;
import weblogic.webservice.util.BufferStream;
import weblogic.webservice.util.FaultUtil;
import weblogic.webservice.util.ServerKeyStore;
import weblogic.webservice.util.ServerSecurityHelper;
import weblogic.xml.security.InvalidSecurityException;
import weblogic.xml.security.SecurityAssertion;
import weblogic.xml.security.SecurityConfigurationException;
import weblogic.xml.security.SecurityProcessingException;
import weblogic.xml.security.UserInfo;
import weblogic.xml.security.assertion.ElementAssertion;
import weblogic.xml.security.assertion.IdentityAssertion;
import weblogic.xml.security.assertion.IntegrityAssertion;
import weblogic.xml.security.assertion.ServerHelper;
import weblogic.xml.security.specs.BinarySecurityTokenSpec;
import weblogic.xml.security.specs.ElementIdentifier;
import weblogic.xml.security.specs.EncryptionKey;
import weblogic.xml.security.specs.EncryptionSpec;
import weblogic.xml.security.specs.OperationSpec;
import weblogic.xml.security.specs.SecurityDD;
import weblogic.xml.security.specs.SecuritySpec;
import weblogic.xml.security.specs.SignatureKey;
import weblogic.xml.security.specs.SignatureSpec;
import weblogic.xml.security.specs.TimestampConfig;
import weblogic.xml.security.specs.User;
import weblogic.xml.security.specs.UsernameTokenSpec;
import weblogic.xml.security.utils.Utils;
import weblogic.xml.security.wsse.BinarySecurityToken;
import weblogic.xml.security.wsse.SecureSoapInputStream;
import weblogic.xml.security.wsse.SecureSoapOutputStream;
import weblogic.xml.security.wsse.Security;
import weblogic.xml.security.wsse.SecurityElementFactory;
import weblogic.xml.security.wsse.Token;
import weblogic.xml.security.wsse.v200207.UsernameTokenImpl;
import weblogic.xml.security.wsse.v200207.WSSEConstants;
import weblogic.xml.stream.XMLOutputStream;
import weblogic.xml.stream.XMLStreamException;

/* loaded from: input_file:weblogic/webservice/core/handler/WSSEHandler.class */
public class WSSEHandler extends GenericHandler implements WSSEConstants {
    public static final String RESPONSE_SECURITY_ATTRIBUTE = "weblogic.webservice.security.request";
    public static final String REQUEST_CERTIFICATE_ATTRIBUTE = "__BEA_INTERNAL__request.certificate";
    private static final String WSSE_CONFIG = "__BEA_INTERNAL__WSSE.config";
    private static final int USE_KEY_ENCIPHERMENT = 2;
    private static final QName NO_ELEMENT = Utils.getQName(WSSEConstants.QNAME_FAULT_SECURITYTOKENUNAVAILBLE);
    private static final QName INVALID_SECURITY = Utils.getQName(WSSEConstants.QNAME_FAULT_INVALIDSECURITY);
    private static final QName UNSUPPORTED = Utils.getQName(WSSEConstants.QNAME_FAULT_UNSUPPORTEDSECURITYTOKEN);
    private static final QName FAILED_AUTH = Utils.getQName(WSSEConstants.QNAME_FAULT_FAILEDAUTHENTICATION);
    private static final QName FAILED_CHECK = Utils.getQName(WSSEConstants.QNAME_FAULT_FAILEDCHECK);
    private static final SecurityElementFactory factory = SecurityElementFactory.getDefaultFactory();
    private static final boolean DEBUG = Security.WSSE_VERBOSE;
    private HandlerConfig config = null;
    private String realmName = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/webservice/core/handler/WSSEHandler$HandlerConfig.class */
    public static final class HandlerConfig {
        private final SecurityDD securityDD;
        private final PrivateKey encryptionKey;
        private final PrivateKey signatureKey;
        private final X509Certificate signatureCert;
        private final String username;
        private final String usernamePassword;

        public HandlerConfig(SecurityDD securityDD, PrivateKey privateKey, PrivateKey privateKey2, X509Certificate x509Certificate, String str, String str2) {
            this.securityDD = securityDD;
            this.encryptionKey = privateKey;
            this.signatureKey = privateKey2;
            this.signatureCert = x509Certificate;
            this.username = str;
            this.usernamePassword = str2;
        }

        public SecuritySpec getSecuritySpec(String str) {
            return this.securityDD.getSecuritySpec(str);
        }

        public PrivateKey getEncryptionKey() {
            return this.encryptionKey;
        }

        public PrivateKey getSignatureKey() {
            return this.signatureKey;
        }

        public X509Certificate getSignatureCert() {
            return this.signatureCert;
        }

        public String getUsername() {
            return this.username;
        }

        public String getUsernamePassword() {
            return this.usernamePassword;
        }

        public TimestampConfig getTimestampConfig() {
            return this.securityDD.getTimestampConfig();
        }
    }

    @Override // weblogic.webservice.GenericHandler, javax.xml.rpc.handler.Handler
    public void init(HandlerInfo handlerInfo) {
        Map handlerConfig = handlerInfo.getHandlerConfig();
        this.realmName = ((AuthorizationContext) handlerConfig.get(AuthorizationHandler.AUTHORIZATION_CONTEXT)).getSecurityRealm();
        this.config = (HandlerConfig) handlerConfig.get(WSSE_CONFIG);
    }

    @Override // weblogic.webservice.GenericHandler, javax.xml.rpc.handler.Handler
    public boolean handleRequest(MessageContext messageContext) {
        SignatureSpec signatureSpec;
        EncryptionSpec encryptionSpec;
        ServerTimestampHandler requestTimestampHandler;
        if (DEBUG) {
            Debug.say("handleRequest called");
        }
        WLMessageContext wLMessageContext = (WLMessageContext) messageContext;
        WebServiceContext webServiceContext = (WebServiceContext) wLMessageContext.getProperty(WLMessageContext.CONTEXT_PROP);
        webServiceContext.getSession().removeAttribute(RESPONSE_SECURITY_ATTRIBUTE);
        WLSOAPPart wLSOAPPart = (WLSOAPPart) wLMessageContext.getMessage().getSOAPPart();
        try {
            try {
                SecureSoapInputStream secureSoapInputStream = new SecureSoapInputStream(wLSOAPPart.getXMLStreamContent(), (String) null, this.config.encryptionKey);
                Security securityElement = secureSoapInputStream.getSecurityElement();
                SecurityAssertion[] securityAssertions = secureSoapInputStream.getSecurityAssertions();
                WebServiceSession session = webServiceContext.getSession();
                wLSOAPPart.setContent(secureSoapInputStream);
                Operation operation = getOperation(wLMessageContext);
                SecuritySpec requestSpec = getRequestSpec(operation, this.config);
                if (requestSpec != null) {
                    signatureSpec = requestSpec.getSignatureSpec();
                    encryptionSpec = requestSpec.getEncryptionSpec();
                } else {
                    signatureSpec = null;
                    encryptionSpec = null;
                }
                if (TimestampHandler.INTEGRATED && (requestTimestampHandler = getRequestTimestampHandler(requestSpec)) != null) {
                    requestTimestampHandler.handleRequest(messageContext);
                }
                if (securityElement == null && requestSpec != null) {
                    throw new SOAPFaultException(NO_ELEMENT, "Message did not contain a valid Security Element", null, null);
                }
                wLMessageContext.setProperty(WLMessageContext.SUBJECT_PROP, assertIdentities(this.realmName, securityAssertions));
                Set headerElementNames = secureSoapInputStream.getHeaderElementNames();
                Set bodyElementNames = secureSoapInputStream.getBodyElementNames();
                Set allElementNames = secureSoapInputStream.getAllElementNames();
                validateSignatureSpec(signatureSpec, securityAssertions, headerElementNames, bodyElementNames, allElementNames);
                validateEncryptionSpec(encryptionSpec, securityAssertions, headerElementNames, bodyElementNames, allElementNames);
                wLMessageContext.setProperty(WLMessageContext.REQUEST_SECURITY_ASSERTIONS_PROP, securityAssertions);
                SecuritySpec responseSpec = getResponseSpec(operation, this.config);
                if (responseSpec != null && responseSpec.getEncryptionSpec() != null) {
                    saveClientCert(securityElement, session);
                }
                return true;
            } catch (InvalidSecurityException e) {
                throw new SOAPFaultException(FAILED_CHECK, e.getMessage(), null, null);
            } catch (XMLStreamException e2) {
                throw new SOAPFaultException(INVALID_SECURITY, e2.getMessage(), null, DEBUG ? FaultUtil.newDetail(e2) : null);
            }
        } catch (SOAPException e3) {
            throw new AssertionError("Can't get soap as stream. ", e3);
        } catch (XMLStreamException e4) {
            throw new AssertionError("Can't get soap as stream. ", e4);
        }
    }

    @Override // weblogic.webservice.GenericHandler, javax.xml.rpc.handler.Handler
    public boolean handleResponse(MessageContext messageContext) {
        ServerTimestampHandler responseTimestampHandler;
        if (DEBUG) {
            Debug.say("handleResponse called");
        }
        WebServiceSession session = ((WebServiceContext) messageContext.getProperty(WLMessageContext.CONTEXT_PROP)).getSession();
        X509Certificate x509Certificate = (X509Certificate) session.getAttribute(REQUEST_CERTIFICATE_ATTRIBUTE);
        session.removeAttribute(REQUEST_CERTIFICATE_ATTRIBUTE);
        SecuritySpec responseSpec = getResponseSpec(getOperation(messageContext), this.config);
        if (TimestampHandler.INTEGRATED && (responseTimestampHandler = getResponseTimestampHandler(responseSpec)) != null) {
            responseTimestampHandler.handleResponse(messageContext);
        }
        Security security = (Security) session.getAttribute(RESPONSE_SECURITY_ATTRIBUTE);
        if (security == null) {
            if (responseSpec == null) {
                return true;
            }
            security = factory.createSecurity((String) null);
            processSpecs(responseSpec, security, x509Certificate);
        }
        WLMessageContext wLMessageContext = (WLMessageContext) messageContext;
        WLSOAPPart wLSOAPPart = (WLSOAPPart) wLMessageContext.getMessage().getSOAPPart();
        String encoding = getEncoding(wLMessageContext);
        try {
            BufferStream bufferStream = new BufferStream();
            XMLOutputStream secureSoapOutputStream = new SecureSoapOutputStream(security, bufferStream, encoding);
            try {
                wLSOAPPart.writeTo(secureSoapOutputStream);
                secureSoapOutputStream.close();
                wLSOAPPart.setContent(bufferStream);
                return true;
            } catch (SOAPException e) {
                throw new AssertionError("Unable to secure response", e);
            } catch (XMLStreamException e2) {
                throw new AssertionError("Unable to secure response", e2);
            }
        } catch (SecurityProcessingException e3) {
            e3.printStackTrace();
            throw new SecurityConfigurationException("Unable to secure response", e3);
        } catch (XMLStreamException e4) {
            e4.printStackTrace();
            throw new SecurityConfigurationException("Unable to secure response", e4);
        }
    }

    private static String getEncoding(WLMessageContext wLMessageContext) {
        String charset = wLMessageContext.getOperation().getPort().getBindingInfo().getCharset();
        if (charset == null) {
            charset = ((SOAPMessageImpl) wLMessageContext.getMessage()).getCharset();
        }
        return charset != null ? CharsetMap.getJavaFromIANA(charset) : "UTF-8";
    }

    @Override // weblogic.webservice.GenericHandler, javax.xml.rpc.handler.Handler
    public boolean handleFault(MessageContext messageContext) {
        if (DEBUG) {
            Debug.say("handleFault called");
        }
        return super.handleFault(messageContext);
    }

    private static Operation getOperation(MessageContext messageContext) {
        WLMessageContext wLMessageContext = (WLMessageContext) messageContext;
        Operation operation = wLMessageContext.getOperation();
        if (operation == null) {
            try {
                operation = Dispatcher.getOperation(wLMessageContext);
            } catch (SOAPException e) {
                throw new AssertionError(e);
            }
        }
        return operation;
    }

    private static SecuritySpec getRequestSpec(Operation operation, HandlerConfig handlerConfig) {
        String securitySpecRef = operation != null ? operation.getInput().getSecuritySpecRef() : null;
        SecuritySpec securitySpec = securitySpecRef == null ? handlerConfig.getSecuritySpec("default-spec") : handlerConfig.getSecuritySpec(securitySpecRef);
        if (DEBUG) {
            Debug.say(new StringBuffer().append("using this spec for the request -- ").append(securitySpec).toString());
        }
        return securitySpec;
    }

    private static SecuritySpec getResponseSpec(Operation operation, HandlerConfig handlerConfig) {
        String securitySpecRef = operation != null ? operation.getOutput().getSecuritySpecRef() : null;
        SecuritySpec securitySpec = securitySpecRef == null ? handlerConfig.getSecuritySpec("default-spec") : handlerConfig.getSecuritySpec(securitySpecRef);
        if (DEBUG) {
            Debug.say(new StringBuffer().append("using this spec for the response -- ").append(securitySpec).toString());
        }
        return securitySpec;
    }

    private void saveClientCert(Security security, WebServiceSession webServiceSession) {
        Iterator binarySecurityTokens = security.getBinarySecurityTokens();
        boolean z = false;
        while (true) {
            if (!binarySecurityTokens.hasNext()) {
                break;
            }
            X509Certificate certificate = ((BinarySecurityToken) binarySecurityTokens.next()).getCertificate();
            if (certificate != null && keyEncryptionAllowed(certificate)) {
                webServiceSession.setAttribute(REQUEST_CERTIFICATE_ATTRIBUTE, certificate);
                z = true;
                break;
            }
        }
        if (!z) {
            throw new SOAPFaultException(INVALID_SECURITY, "Response requires encryption; no certificate with suitable key usage was found", null, null);
        }
    }

    private static final AuthenticatedSubject assertIdentities(String str, SecurityAssertion[] securityAssertionArr) {
        HashMap hashMap = new HashMap();
        ArrayList arrayList = new ArrayList(3);
        X509Certificate x509Certificate = null;
        Subject subject = null;
        arrayList.add(ServerSecurityHelper.getCurrentSubject());
        for (SecurityAssertion securityAssertion : securityAssertionArr) {
            switch (securityAssertion.getAssertionTypeCode()) {
                case 0:
                    IdentityAssertion identityAssertion = (IdentityAssertion) securityAssertion;
                    UserInfo userInfo = identityAssertion.getUserInfo();
                    if (userInfo == null) {
                        throw new AssertionError(new StringBuffer().append("Unsupported Identity Assertion ").append(identityAssertion).toString());
                    }
                    AuthenticatedSubject assertIdentity = assertIdentity(userInfo, str);
                    if (assertIdentity != null) {
                        arrayList.add(assertIdentity);
                        break;
                    } else {
                        break;
                    }
                case 1:
                case 2:
                    IntegrityAssertion integrityAssertion = (IntegrityAssertion) securityAssertion;
                    X509Certificate certificate = integrityAssertion.getCertificate();
                    if (certificate != null) {
                        if (x509Certificate == certificate) {
                            ServerHelper.setSubject(integrityAssertion, subject);
                        } else {
                            x509Certificate = certificate;
                            subject = (Subject) hashMap.get(certificate);
                            if (subject == null) {
                                subject = assertIdentity(certificate, str).getSubject();
                                hashMap.put(x509Certificate, subject);
                            }
                        }
                        ServerHelper.setSubject(integrityAssertion, subject);
                        break;
                    } else {
                        break;
                    }
            }
        }
        return SubjectUtils.combineSubjects((AuthenticatedSubject[]) arrayList.toArray(new AuthenticatedSubject[arrayList.size()]));
    }

    private static AuthenticatedSubject assertIdentity(X509Certificate x509Certificate, String str) {
        try {
            return ServerSecurityHelper.assertIdentity(new X509Certificate[]{x509Certificate}, str);
        } catch (LoginException e) {
            throw new SOAPFaultException(FAILED_AUTH, e.getMessage(), null, null);
        }
    }

    private static AuthenticatedSubject assertIdentity(UserInfo userInfo, String str) {
        String password = userInfo.getPassword();
        if (password != null) {
            try {
                return ServerSecurityHelper.assertIdentity(userInfo.getUsername(), password, str);
            } catch (LoginException e) {
                throw new SOAPFaultException(FAILED_AUTH, e.getMessage(), null, null);
            }
        }
        if (userInfo.getPasswordDigest() != null) {
            throw new SOAPFaultException(UNSUPPORTED, "Password Digests not supported", null, null);
        }
        throw new SOAPFaultException(INVALID_SECURITY, "UsernameToken did not contain a password", null, null);
    }

    private static final void validateEncryptionSpec(EncryptionSpec encryptionSpec, SecurityAssertion[] securityAssertionArr, Set set, Set set2, Set set3) {
        validateSpec(encryptionSpec, securityAssertionArr, 4, set, set2, set3);
    }

    private static void validateSignatureSpec(SignatureSpec signatureSpec, SecurityAssertion[] securityAssertionArr, Set set, Set set2, Set set3) {
        validateSpec(signatureSpec, securityAssertionArr, 2, set, set2, set3);
    }

    private static final void validateSpec(OperationSpec operationSpec, SecurityAssertion[] securityAssertionArr, int i, Set set, Set set2, Set set3) {
        if (operationSpec == null) {
            return;
        }
        ElementIdentifier[] bodyElementSpecs = operationSpec.getBodyElementSpecs();
        ElementAssertion[] subsetAssertions = subsetAssertions(securityAssertionArr, i, "body");
        if (!operationSpec.entireBody()) {
            compare(bodyElementSpecs, subsetAssertions, set2);
        } else if (subsetAssertions.length == 0) {
            throw new SOAPFaultException(FAILED_CHECK, "failed security check for message body", null, null);
        }
        compare(operationSpec.getHeaderElementSpecs(), subsetAssertions(securityAssertionArr, i, "header"), set);
        compare(operationSpec.getUnrestrictedElementSpecs(), subsetAssertions(securityAssertionArr, i, null), set3);
    }

    private static void compare(ElementIdentifier[] elementIdentifierArr, ElementAssertion[] elementAssertionArr, Set set) {
        for (ElementIdentifier elementIdentifier : elementIdentifierArr) {
            if (!set.contains(elementIdentifier.getXMLName())) {
                return;
            }
            boolean z = false;
            int i = 0;
            while (true) {
                if (i >= elementAssertionArr.length) {
                    break;
                }
                if (elementAssertionArr[i].satisfies(elementIdentifier)) {
                    z = true;
                    break;
                }
                i++;
            }
            if (!z) {
                throw new SOAPFaultException(FAILED_CHECK, new StringBuffer().append("failed to satisfy security requirements for type ").append(elementIdentifier).toString(), null, null);
            }
        }
    }

    private static ElementAssertion[] subsetAssertions(SecurityAssertion[] securityAssertionArr, int i, String str) {
        ArrayList arrayList = new ArrayList();
        for (SecurityAssertion securityAssertion : securityAssertionArr) {
            if (i == securityAssertion.getAssertionTypeCode()) {
                ElementAssertion elementAssertion = (ElementAssertion) securityAssertion;
                if (satisfiesRestriction(elementAssertion, str)) {
                    arrayList.add(elementAssertion);
                }
            }
        }
        return (ElementAssertion[]) arrayList.toArray(new ElementAssertion[arrayList.size()]);
    }

    private static boolean satisfiesRestriction(ElementAssertion elementAssertion, String str) {
        String restriction = elementAssertion.getRestriction();
        return restriction == null || (str != null && str.equals(restriction));
    }

    private void processSpecs(SecuritySpec securitySpec, Security security, X509Certificate x509Certificate) {
        UsernameTokenSpec usernameTokenSpec = securitySpec.getUsernameTokenSpec();
        BinarySecurityTokenSpec binarySecurityTokenSpec = securitySpec.getBinarySecurityTokenSpec();
        SignatureSpec signatureSpec = securitySpec.getSignatureSpec();
        EncryptionSpec encryptionSpec = securitySpec.getEncryptionSpec();
        if (usernameTokenSpec != null && this.config.getUsername() != null) {
            security.addToken(new UsernameTokenImpl(this.config.getUsername(), this.config.getUsernamePassword(), usernameTokenSpec.getPasswordType()));
        }
        X509Certificate signatureCert = this.config.getSignatureCert();
        PrivateKey signatureKey = this.config.getSignatureKey();
        Token createToken = (signatureCert == null || signatureKey == null) ? null : factory.createToken(signatureCert, signatureKey);
        if (signatureSpec != null) {
            try {
                if (createToken == null) {
                    throw new SecurityConfigurationException("Service requires an identity, but none was loaded");
                }
                security.addSignature(createToken, signatureSpec);
            } catch (SecurityProcessingException e) {
                throw new AssertionError("Unable to apply required signature", e);
            }
        }
        if (binarySecurityTokenSpec != null) {
            if (createToken == null) {
                throw new SecurityConfigurationException("Service requires an identity, but none was loaded");
            }
            security.addToken(createToken);
        }
        if (encryptionSpec != null) {
            if (x509Certificate == null) {
                throw new RuntimeException("Client certificate was lost");
            }
            try {
                security.addEncryption(factory.createToken(x509Certificate, (PrivateKey) null), encryptionSpec);
            } catch (SecurityProcessingException e2) {
                throw new AssertionError("Problem performing encryption on response", e2);
            }
        }
    }

    private static boolean keyEncryptionAllowed(X509Certificate x509Certificate) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage == null) {
            return true;
        }
        return keyUsage[2];
    }

    public static final void initHandlerInfo(SecurityDD securityDD, HandlerInfo handlerInfo) throws ConfigException {
        Map handlerConfig = handlerInfo.getHandlerConfig();
        PrivateKey privateKey = null;
        PrivateKey privateKey2 = null;
        X509Certificate x509Certificate = null;
        try {
            ServerKeyStore.init();
            EncryptionKey encryptionKey = securityDD.getEncryptionKey();
            if (encryptionKey != null) {
                privateKey = ServerKeyStore.getPrivateKey(encryptionKey.getName(), encryptionKey.getPassword());
                addServerCertToWSDL(encryptionKey, securityDD);
            }
            SignatureKey signingKey = securityDD.getSigningKey();
            if (signingKey != null) {
                privateKey2 = ServerKeyStore.getPrivateKey(signingKey.getName(), signingKey.getPassword());
                x509Certificate = ServerKeyStore.getCertificate(signingKey.getName());
            }
            User user = securityDD.getUser();
            String str = null;
            String str2 = null;
            if (user != null) {
                str = user.getName();
                str2 = ServerKeyStore.decryptPassword(user.getPassword());
            }
            handlerConfig.put(WSSE_CONFIG, new HandlerConfig(securityDD, privateKey, privateKey2, x509Certificate, str, str2));
        } catch (Exception e) {
            throw new ConfigException("Failed to load server keystore", e);
        }
    }

    private ServerTimestampHandler getRequestTimestampHandler(SecuritySpec securitySpec) {
        TimestampConfig configuration;
        TimestampConfig timestampConfig = this.config.getTimestampConfig();
        ServerTimestampHandler serverTimestampHandler = new ServerTimestampHandler();
        if (timestampConfig != null) {
            configuration = timestampConfig.copy();
            serverTimestampHandler.setConfiguration(configuration);
        } else {
            configuration = serverTimestampHandler.getConfiguration();
        }
        configuration.setTimestampRequired((!configuration.isTimestampRequired() || securitySpec == null || securitySpec.getSignatureSpec() == null) ? false : true);
        return serverTimestampHandler;
    }

    private ServerTimestampHandler getResponseTimestampHandler(SecuritySpec securitySpec) {
        TimestampConfig configuration;
        TimestampConfig timestampConfig = this.config.getTimestampConfig();
        if (securitySpec == null && timestampConfig == null) {
            return null;
        }
        ServerTimestampHandler serverTimestampHandler = new ServerTimestampHandler();
        if (timestampConfig != null) {
            configuration = timestampConfig.copy();
            serverTimestampHandler.setConfiguration(configuration);
        } else {
            configuration = serverTimestampHandler.getConfiguration();
        }
        configuration.setGenerateTimestamp((!configuration.generateTimestamp() || securitySpec == null || securitySpec.getSignatureSpec() == null) ? false : true);
        return serverTimestampHandler;
    }

    private static void addServerCertToWSDL(EncryptionKey encryptionKey, SecurityDD securityDD) throws ConfigException {
        EncryptionSpec encryptionSpec;
        Iterator securitySpecs = securityDD.getSecuritySpecs();
        while (securitySpecs.hasNext()) {
            SecuritySpec securitySpec = (SecuritySpec) securitySpecs.next();
            if (encryptionKey != null) {
                X509Certificate certificate = ServerKeyStore.getCertificate(encryptionKey.getName());
                if (securitySpec != null && (encryptionSpec = securitySpec.getEncryptionSpec()) != null && encryptionSpec.getCertificate() == null) {
                    encryptionSpec.setCertificate(certificate);
                }
            }
        }
    }
}
