package weblogic.wsee.callback;

import com.oracle.webservices.impl.internalspi.platform.CredentialServiceFactory;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.AccessController;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import weblogic.apache.xerces.impl.dv.util.Base64;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.internal.SerializedSystemIni;
import weblogic.security.internal.encryption.ClearOrEncryptedService;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;
import weblogic.wsee.connection.transport.https.HttpsTransportInfo;
import weblogic.wsee.security.bst.ClientBSTCredentialProvider;
import weblogic.wsee.security.bst.StubPropertyBSTCredProv;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
import weblogic.xml.crypto.wss.provider.CredentialProvider;

/* loaded from: input_file:weblogic/wsee/callback/CallbackCredentials.class */
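/**
 * Serializable holder for the credentials a callback client presents: an optional
 * username/password pair, an optional key store (client key and certificate), an optional
 * trust store, and an optional server certificate.
 *
 * <p>Secrets are kept as plain {@code String} fields while the object is in memory. Only the
 * serialized form is protected: {@link #writeObject} encrypts every non-null string field
 * with the domain {@link ClearOrEncryptedService} and {@link #readObject} decrypts it again.
 *
 * <p>Security note: {@link #getHttpsTransportInfo()} installs a trust manager that accepts
 * every certificate chain unless a trust store location and password are both configured.
 * Callers that need server authentication should always call {@link #setTruststore}.
 */
public class CallbackCredentials implements Serializable {
    static final long serialVersionUID = 3;
    private static final AuthenticatedSubject kernelID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    // Encryption service used for the serialized form; stays null if the static initializer fails.
    private static ClearOrEncryptedService _coes;
    private String _keyStoreLocation;
    private String _keyStorePassword;
    private String _trustStoreLocation;
    private String _trustStorePassword;
    private String _keyAlias;
    private X509Certificate _serverCert;
    private String _keyPassword;
    private boolean _useClientCerts;
    private String _keyStoreType = "JKS";
    private String _trustStoreType = "JKS";
    private String _password = null;
    private String _username = null;

    /**
     * Trust manager that performs no validation: every check method returns without
     * inspecting the chain, so any peer certificate is accepted.
     *
     * <p>NOTE(review): with this manager in place the TLS channel is encrypted but the peer
     * is not authenticated by certificate-path validation. It is only acceptable as a
     * fallback that a configured trust store replaces; see
     * {@link CallbackCredentials#getHttpsTransportInfo()}.
     */
    private static class RelaxedX509TrustManager implements X509TrustManager {
        private RelaxedX509TrustManager() {
        }

        /** Legacy-style check; always reports the client chain as trusted. */
        public boolean isClientTrusted(X509Certificate[] x509CertificateArr) {
            return true;
        }

        /** Legacy-style check; always reports the server chain as trusted. */
        public boolean isServerTrusted(X509Certificate[] x509CertificateArr) {
            return true;
        }

        /**
         * Returns an empty array. The {@link X509TrustManager} contract requires a non-null
         * result; returning {@code null} here can make JSSE callers fail with a
         * {@code NullPointerException}.
         */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        /** Accepts any client chain: never throws. */
        @Override
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
        }

        /** Accepts any server chain: never throws. */
        @Override
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        }
    }

    /** Sets the username used for HTTP Basic auth and the username-token provider. */
    public void setUsername(String str) {
        this._username = str;
    }

    /** Sets the password used for HTTP Basic auth and the username-token provider. */
    public void setPassword(String str) {
        this._password = str;
    }

    /** @return the configured username, or {@code null} if none was set */
    public String getUsername() {
        return this._username;
    }

    /** @return the configured password in clear text, or {@code null} if none was set */
    public String getPassword() {
        return this._password;
    }

    /**
     * Configures the key store that holds the client key.
     *
     * @param str  key store location; must not be {@code null}
     * @param str2 key store password; must not be {@code null}
     * @param str3 key store type; when {@code null} the current type (initially "JKS") is kept
     * @throws IllegalArgumentException if the location or the password is {@code null}
     */
    public void setKeystore(String str, String str2, String str3) {
        if (str == null || str2 == null) {
            throw new IllegalArgumentException("Key store location and password must both be specified in a service control");
        }
        this._keyStoreLocation = str;
        this._keyStorePassword = str2;
        if (str3 != null) {
            this._keyStoreType = str3;
        }
    }

    /**
     * Configures the trust store used to validate the peer's certificate chain.
     *
     * @param str  trust store location; must not be {@code null}
     * @param str2 trust store password; must not be {@code null}
     * @param str3 trust store type; when {@code null} the current type (initially "JKS") is kept
     * @throws IllegalArgumentException if the location or the password is {@code null}
     */
    public void setTruststore(String str, String str2, String str3) {
        if (str == null || str2 == null) {
            throw new IllegalArgumentException("Trust store location and password must both be specified in a service control");
        }
        this._trustStoreLocation = str;
        this._trustStorePassword = str2;
        if (str3 != null) {
            this._trustStoreType = str3;
        }
    }

    /**
     * Selects the client key inside the key store.
     *
     * @param str  alias of the key entry
     * @param str2 password of the key entry; when {@code null},
     *             {@link #getHttpsTransportInfo()} falls back to the key store password
     */
    public void setClientCert(String str, String str2) {
        this._keyAlias = str;
        this._keyPassword = str2;
    }

    /** Sets the server certificate handed to the binary-security-token credential providers. */
    public void setServerCert(X509Certificate x509Certificate) {
        this._serverCert = x509Certificate;
    }

    /** Enables or disables building HTTPS transport settings in {@link #getHttpsTransportInfo()}. */
    public void useClientKeySSL(boolean z) {
        this._useClientCerts = z;
    }

    /** @return whether {@link #getHttpsTransportInfo()} builds HTTPS transport settings */
    public boolean useClientKeySSL() {
        return this._useClientCerts;
    }

    /**
     * Builds the value of an HTTP {@code Authorization} header for Basic authentication.
     *
     * <p>NOTE(review): the credentials are encoded with the platform default charset
     * ({@code getBytes()} without an argument), and a {@code null} username or password is
     * concatenated as the text "null". Base64 is an encoding, not encryption, so this value
     * must only travel over a channel that is itself protected.
     *
     * @return {@code "Basic "} followed by the Base64 form of {@code username:password}
     */
    public String getHttpBasicAuth() {
        String userAndPassword = this._username + ":" + this._password;
        return "Basic " + new String(Base64.encode(userAndPassword.getBytes()));
    }

    /**
     * Creates the message-level credential providers that match the configured credentials.
     *
     * <p>A username-token provider is added when a username or a password is set. A
     * key-store-backed token provider is added when the key store location, its password and
     * a key alias are all set; otherwise, if only a server certificate is set, a provider
     * built from that certificate is added.
     *
     * @return a new mutable list of providers, possibly empty
     * @throws RuntimeException wrapping any exception raised while the key-store-backed
     *         providers are created
     */
    public List<CredentialProvider> getMessageCredentialProviders() {
        List<CredentialProvider> providers = new ArrayList<CredentialProvider>();
        if (this._password != null || this._username != null) {
            // Platform default charset, as in getHttpBasicAuth().
            byte[] userBytes = this._username != null ? this._username.getBytes() : null;
            byte[] passwordBytes = this._password != null ? this._password.getBytes() : null;
            providers.add(new ClientUNTCredentialProvider(userBytes, passwordBytes));
        }
        try {
            if (this._keyStoreLocation != null && this._keyStorePassword != null && this._keyAlias != null) {
                providers.add(new ClientBSTCredentialProvider(this._keyStoreLocation, this._keyStorePassword, this._keyAlias, this._keyPassword, this._keyStoreType, this._serverCert));
            } else if (this._serverCert != null) {
                providers.add(new StubPropertyBSTCredProv(this._serverCert, this._serverCert));
            }
            return providers;
        } catch (Exception e) {
            throw new RuntimeException("Error processing keystore.", e);
        }
    }

    /**
     * Builds the HTTPS transport settings (key managers and trust managers) for the callback.
     *
     * <p>Decompiler note: this method was package-private in the original class file.
     *
     * <p>NOTE(review): a {@link RelaxedX509TrustManager}, which accepts every certificate,
     * is installed first and is replaced only when a trust store location and password are
     * both configured. Without a trust store these trust managers do not validate the peer's
     * certificate chain at all. Whether the transport applies any further check is not
     * visible from this class; confirm before relying on it.
     *
     * @return the transport settings, or {@code null} when client-key SSL is not enabled
     * @throws SecurityException if the key store or the trust store cannot be loaded, or the
     *         configured key alias has no certificate chain
     */
    public HttpsTransportInfo getHttpsTransportInfo() {
        if (!this._useClientCerts) {
            return null;
        }
        HttpsTransportInfo httpsTransportInfo = new HttpsTransportInfo();
        // Accept-all fallback; overwritten below when a trust store is configured.
        httpsTransportInfo.setTrustManagers(new X509TrustManager[]{new RelaxedX509TrustManager()});
        if (this._keyStoreLocation != null && this._keyStorePassword != null) {
            try {
                KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                KeyStore sourceStore = CredentialServiceFactory.getCredentialService().getKeystore(this._keyStoreLocation, this._keyStorePassword, this._keyStoreType);
                // The key entry password defaults to the key store password.
                String keyPassword = this._keyPassword != null ? this._keyPassword : this._keyStorePassword;
                if (this._keyAlias == null) {
                    keyManagerFactory.init(sourceStore, keyPassword.toCharArray());
                } else {
                    Certificate[] certificateChain = sourceStore.getCertificateChain(this._keyAlias);
                    if (certificateChain == null) {
                        throw new SecurityException("No such key with alias '" + this._keyAlias + "' in key-store '" + this._keyStoreLocation + "'");
                    }
                    Key key = sourceStore.getKey(this._keyAlias, keyPassword.toCharArray());
                    // Copy only the selected entry into a fresh in-memory store so the key
                    // manager can offer no other key. A "KSS" store is copied into a "JKS" one.
                    KeyStore singleEntryStore = KeyStore.getInstance("KSS".equals(this._keyStoreType) ? "JKS" : this._keyStoreType);
                    singleEntryStore.load(null, this._keyStorePassword.toCharArray());
                    singleEntryStore.setKeyEntry(this._keyAlias, key, keyPassword.toCharArray(), certificateChain);
                    keyManagerFactory.init(singleEntryStore, keyPassword.toCharArray());
                }
                httpsTransportInfo.setKeyManagers(keyManagerFactory.getKeyManagers());
            } catch (Exception e) {
                // Same message as before; the cause is now attached so the stack trace survives.
                throw new SecurityException("Cannot load key-store '" + this._keyStoreLocation + "' " + e, e);
            }
        }
        if (this._trustStoreLocation != null && this._trustStorePassword != null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(CredentialServiceFactory.getCredentialService().getKeystore(this._trustStoreLocation, this._trustStorePassword, this._trustStoreType));
                httpsTransportInfo.setTrustManagers(trustManagerFactory.getTrustManagers());
            } catch (Exception e2) {
                throw new SecurityException("Cannot load trust-store '" + this._trustStoreLocation + "' " + e2, e2);
            }
        }
        return httpsTransportInfo;
    }

    /** Returns the encryption service, or fails with an {@code IOException} if it never initialized. */
    private static ClearOrEncryptedService encryptionService() throws IOException {
        if (_coes == null) {
            throw new IOException("Encryption service is not available; cannot protect serialized credentials");
        }
        return _coes;
    }

    /** Encrypts a field value for the serialized form; {@code null} stays {@code null}. */
    private static String sealField(String value) throws IOException {
        return value == null ? null : encryptionService().encrypt(value);
    }

    /** Decrypts a field value read from the serialized form; {@code null} stays {@code null}. */
    private static String openField(String value) throws IOException {
        return value == null ? null : encryptionService().decrypt(value);
    }

    /**
     * Writes the object with every non-null string field encrypted.
     *
     * <p>The fields are overwritten with their encrypted form for the duration of
     * {@code defaultWriteObject()} and restored afterwards. The restore runs in a
     * {@code finally} block so that a failed write or a failed encryption cannot leave
     * ciphertext in the live object.
     *
     * <p>NOTE(review): the swap happens under {@code synchronized (this)}, but the getters
     * and {@link #getHttpsTransportInfo()} are not synchronized, so a concurrent reader can
     * still observe an encrypted value while serialization is in progress.
     */
    private void writeObject(ObjectOutputStream objectOutputStream) throws IOException {
        synchronized (this) {
            String keyStoreLocation = this._keyStoreLocation;
            String keyStorePassword = this._keyStorePassword;
            String keyStoreType = this._keyStoreType;
            String trustStoreLocation = this._trustStoreLocation;
            String trustStorePassword = this._trustStorePassword;
            String trustStoreType = this._trustStoreType;
            String password = this._password;
            String username = this._username;
            String keyAlias = this._keyAlias;
            String keyPassword = this._keyPassword;
            try {
                this._keyStoreLocation = sealField(keyStoreLocation);
                this._keyStorePassword = sealField(keyStorePassword);
                this._keyStoreType = sealField(keyStoreType);
                this._trustStoreLocation = sealField(trustStoreLocation);
                this._trustStorePassword = sealField(trustStorePassword);
                this._trustStoreType = sealField(trustStoreType);
                this._password = sealField(password);
                this._username = sealField(username);
                this._keyAlias = sealField(keyAlias);
                this._keyPassword = sealField(keyPassword);
                objectOutputStream.defaultWriteObject();
            } finally {
                // Always put the clear-text values back, even if encryption or the write failed.
                this._keyStoreLocation = keyStoreLocation;
                this._keyStorePassword = keyStorePassword;
                this._keyStoreType = keyStoreType;
                this._trustStoreLocation = trustStoreLocation;
                this._trustStorePassword = trustStorePassword;
                this._trustStoreType = trustStoreType;
                this._password = password;
                this._username = username;
                this._keyAlias = keyAlias;
                this._keyPassword = keyPassword;
            }
        }
    }

    /**
     * Reads the object and decrypts every non-null string field.
     *
     * <p>NOTE(review): the restored values are decrypted but not otherwise validated here
     * (for example the key store and trust store locations); treat the stream's origin as
     * part of the trust decision.
     */
    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this._keyStoreLocation = openField(this._keyStoreLocation);
        this._keyStoreType = openField(this._keyStoreType);
        this._keyStorePassword = openField(this._keyStorePassword);
        this._trustStoreLocation = openField(this._trustStoreLocation);
        this._trustStoreType = openField(this._trustStoreType);
        this._trustStorePassword = openField(this._trustStorePassword);
        this._password = openField(this._password);
        this._username = openField(this._username);
        this._keyPassword = openField(this._keyPassword);
        this._keyAlias = openField(this._keyAlias);
    }

    static {
        try {
            // Obtain the encryption service while running as the kernel identity.
            SecurityServiceManager.runAs(kernelID, kernelID, new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws Exception {
                    CallbackCredentials._coes = new ClearOrEncryptedService(SerializedSystemIni.getEncryptionService());
                    return null;
                }
            });
        } catch (PrivilegedActionException ignored) {
            // Best effort, as in the original: class loading must not fail here. _coes stays
            // null, and serialization of an instance with any non-null string field then
            // fails with an IOException instead of writing clear text.
        }
    }
}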
