private String getEncryptedKey() {

    List<WSHandlerResult> results =
        CastUtils.cast(
            (List<?>) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));

    for (WSHandlerResult rResult : results) {
      List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();

      for (WSSecurityEngineResult wser : wsSecEngineResults) {
        Integer actInt = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
        String encryptedKeyID = (String) wser.get(WSSecurityEngineResult.TAG_ID);
        if (actInt.intValue() == WSConstants.ENCR
            && encryptedKeyID != null
            && encryptedKeyID.length() != 0) {
          Date created = new Date();
          Date expires = new Date();
          expires.setTime(created.getTime() + 300000);
          SecurityToken tempTok = new SecurityToken(encryptedKeyID, created, expires);
          tempTok.setSecret((byte[]) wser.get(WSSecurityEngineResult.TAG_SECRET));
          tempTok.setSHA1(
              getSHA1((byte[]) wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
          tokenStore.add(tempTok);

          return encryptedKeyID;
        }
      }
    }
    return null;
  }
  private String setupEncryptedKey(TokenWrapper wrapper, Token sigToken)
      throws WSSecurityException {
    WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(wrapper, sigToken);
    String id = encrKey.getId();
    byte[] secret = encrKey.getEphemeralKey();

    Date created = new Date();
    Date expires = new Date();
    expires.setTime(created.getTime() + 300000);
    SecurityToken tempTok =
        new SecurityToken(id, encrKey.getEncryptedKeyElement(), created, expires);

    tempTok.setSecret(secret);

    // Set the SHA1 value of the encrypted key, this is used when the encrypted
    // key is referenced via a key identifier of type EncryptedKeySHA1
    tempTok.setSHA1(getSHA1(encrKey.getEncryptedEphemeralKey()));

    tokenStore.add(tempTok);

    String bstTokenId = encrKey.getBSTTokenId();
    // If direct ref is used to refer to the cert
    // then add the cert to the sec header now
    if (bstTokenId != null && bstTokenId.length() > 0) {
      encrKey.prependBSTElementToHeader(secHeader);
    }
    return id;
  }