package weblogic.wsee.security.serviceref;

import java.net.MalformedURLException;
import java.net.URL;
import java.security.Principal;
import java.util.Iterator;
import javax.xml.rpc.handler.MessageContext;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.ContextHandler;
import weblogic.security.service.CredentialManager;
import weblogic.security.service.RemoteResource;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.spi.Resource;
import weblogic.security.spi.WLSUser;
import weblogic.xml.crypto.utils.LogUtils;
import weblogic.xml.crypto.wss.SecurityImpl;
import weblogic.xml.crypto.wss.SecurityTokenContextHandler;
import weblogic.xml.crypto.wss.WSSecurityContext;

/* loaded from: input_file:weblogic/wsee/security/serviceref/ServiceRefUtils.class */
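/**
 * Static helpers that look up an outbound credential for a web-service call.
 *
 * <p>The lookup is keyed by two values derived from the request context: a principal name
 * (see {@link #getPrincipalName}) and a {@link RemoteResource} built from the endpoint address
 * stored on the message context (see {@link #getResource}). Both values decide which credential
 * mapping is selected, so the code that populates those context entries is part of the trust
 * boundary for this class.
 */
public class ServiceRefUtils {
    // Snapshot of SecurityImpl.VERBOSE taken at class initialisation; not read anywhere in this class.
    private static final boolean VERBOSE = SecurityImpl.VERBOSE;

    /** Message-context property consulted as the fallback source of the endpoint address. */
    public static final String END_POINT_ADDRESS = "weblogic.wsee.connection.end_point_address";

    /**
     * Returns the first credential mapped for the caller and the remote endpoint, or {@code null}.
     *
     * <p>Two lookups are attempted against the credential manager: first by the resolved principal
     * name, then, if that yields nothing, by the current subject as returned by
     * {@code SecurityServiceManager.getCurrentSubject}. Only element 0 of the result is returned.
     *
     * @param authenticatedSubject subject used to obtain the credential manager and passed as the
     *     requestor on both lookups
     * @param str credential type handed to the credential manager; the values
     *     {@code "weblogic.pki.Keypair"} and {@code "weblogic.pki.TrustedCertificate"} additionally
     *     enable the PKI initiator override in {@link #getPrincipalName}
     * @param str2 not used by this method
     * @param contextHandler source of the security context, the PKI initiator and the fallback subject
     * @return the first matching credential, or {@code null} when no principal name, no remote
     *     resource or no credential could be determined
     */
    public static Object getCredential(AuthenticatedSubject authenticatedSubject, String str, String str2, ContextHandler contextHandler) {
        // Fail closed: without a context handler neither the principal nor the resource can be
        // resolved, so report "no credential" instead of failing with a NullPointerException.
        if (contextHandler == null) {
            LogUtils.logWss("No context handler available, cannot look up credentials");
            return null;
        }
        String principalName = getPrincipalName(authenticatedSubject, contextHandler, str);
        if (principalName == null) {
            return null;
        }
        Resource resource = getResource(contextHandler);
        if (resource == null) {
            return null;
        }
        CredentialManager credentialManager = getCredentialManager(authenticatedSubject);
        Object[] credentials = credentialManager.getCredentials(authenticatedSubject, principalName, resource, (ContextHandler) null, str);
        if (credentials == null || credentials.length < 1) {
            // Second attempt: look up by the current subject rather than by the resolved name.
            credentials = credentialManager.getCredentials(authenticatedSubject, SecurityServiceManager.getCurrentSubject(authenticatedSubject), resource, (ContextHandler) null, str);
            if (credentials == null || credentials.length < 1) {
                LogUtils.logWss("No credentials found for principal name " + principalName + " and remote resource " + resource);
                return null;
            }
        }
        // NOTE(review): this message names principalName even when the credential came from the
        // subject-based fallback above; keep that in mind when reading the log as an audit trail.
        LogUtils.logWss("Got credentials for principal name " + principalName + " and remote resource " + resource);
        return credentials[0];
    }

    /** Obtains the credential manager service of the context-sensitive realm for the given subject. */
    private static CredentialManager getCredentialManager(AuthenticatedSubject authenticatedSubject) {
        return SecurityServiceManager.getSecurityService(authenticatedSubject, SecurityServiceManager.getContextSensitiveRealmName(), SecurityService.ServiceType.CREDENTIALMANAGER);
    }

    /** Returns the user name of the current subject, or {@code null} if it has none. */
    private static String getPrincipal(AuthenticatedSubject authenticatedSubject) {
        return getName(SecurityServiceManager.getCurrentSubject(authenticatedSubject));
    }

    /**
     * Returns the name of the first {@link WLSUser} principal of the subject.
     *
     * @param authenticatedSubject subject to inspect; may be {@code null}
     * @return the principal name, or {@code null} when the subject is {@code null} or carries no
     *     {@code WLSUser} principal
     */
    private static String getName(AuthenticatedSubject authenticatedSubject) {
        if (authenticatedSubject == null) {
            return null;
        }
        // Only the first element is used; with several WLSUser principals the choice follows the
        // iteration order of the returned collection.
        Iterator it = authenticatedSubject.getPrincipals(WLSUser.class).iterator();
        if (it.hasNext()) {
            return ((Principal) it.next()).getName();
        }
        return null;
    }

    /**
     * Builds the {@link RemoteResource} that scopes the credential lookup from the endpoint address
     * found on the message context.
     *
     * <p>The address is read from {@code WSSecurityContext.END_POINT_URL} and, if absent, from
     * {@link #END_POINT_ADDRESS}. Protocol, host, port and path of that URL become the resource.
     *
     * @param contextHandler handler expected to hold a {@link WSSecurityContext} under
     *     {@code SecurityTokenContextHandler.SECURITY_INFO}
     * @return the remote resource, or {@code null} when the security context, the message context
     *     or a parsable endpoint address is missing
     */
    private static Resource getResource(ContextHandler contextHandler) {
        WSSecurityContext securityContext = (WSSecurityContext) contextHandler.getValue(SecurityTokenContextHandler.SECURITY_INFO);
        MessageContext messageContext = securityContext == null ? null : securityContext.getMessageContext();
        if (messageContext == null) {
            LogUtils.logWss("Could not create RemoteResource, no message context available");
            return null;
        }
        // NOTE(review): the endpoint address is logged verbatim below; an address that embeds
        // user info or a secret in its path would end up in the WSS log.
        String endpoint = (String) messageContext.getProperty(WSSecurityContext.END_POINT_URL);
        if (endpoint != null) {
            LogUtils.logWss("Endpoint address from message context property weblogic.wsee.security.wss.end_point_url : " + endpoint);
        } else {
            endpoint = (String) messageContext.getProperty(END_POINT_ADDRESS);
            if (endpoint != null) {
                LogUtils.logWss("Endpoint address from message context property weblogic.wsee.connection.end_point_address : " + endpoint);
            }
        }
        if (endpoint == null) {
            // Explicit check instead of relying on the URL constructor to reject a null spec.
            LogUtils.logWss("Could not create RemoteResource, endpoint address: " + endpoint);
            return null;
        }
        try {
            URL url = new URL(endpoint);
            // URL.getPort() is -1 when the address names no port, so the resource then carries the
            // port string "-1" rather than the protocol default; credential mappings have to match that.
            return new RemoteResource(url.getProtocol(), url.getHost(), String.valueOf(url.getPort()), url.getPath(), (String) null);
        } catch (MalformedURLException e) {
            LogUtils.logWss("Could not create RemoteResource, endpoint address: " + endpoint + ", " + e);
            return null;
        }
    }

    /**
     * Resolves the principal name used as the credential-lookup key.
     *
     * <p>Sources are tried in this order, the first non-null value winning:
     * <ol>
     *   <li>for the two PKI credential types only, the value stored under
     *       {@code SecurityTokenContextHandler.PKI_INITIATOR} in the context handler;</li>
     *   <li>the user name of the current subject;</li>
     *   <li>the user name of the subject stored under {@code "weblogic.wsee.wss.subject"}.</li>
     * </ol>
     *
     * <p>NOTE(review): for PKI types the context value takes precedence over the authenticated
     * subject, so whatever sets {@code PKI_INITIATOR} chooses whose key pair or certificate is
     * looked up; confirm that only trusted configuration can populate it.
     *
     * @param authenticatedSubject subject passed on to {@code getCurrentSubject}
     * @param contextHandler handler queried for the PKI initiator and the fallback subject
     * @param str credential type being requested
     * @return the resolved principal name, or {@code null} if no source provided one
     */
    private static String getPrincipalName(AuthenticatedSubject authenticatedSubject, ContextHandler contextHandler, String str) {
        String name = null;
        if ("weblogic.pki.Keypair".equals(str) || "weblogic.pki.TrustedCertificate".equals(str)) {
            name = (String) contextHandler.getValue(SecurityTokenContextHandler.PKI_INITIATOR);
        }
        LogUtils.logWss("Principal name from context handler: " + name);
        if (name == null) {
            name = getPrincipal(authenticatedSubject);
            LogUtils.logWss("Principal name from subject on thread:" + name);
        }
        if (name == null) {
            AuthenticatedSubject contextSubject = (AuthenticatedSubject) contextHandler.getValue("weblogic.wsee.wss.subject");
            if (contextSubject != null) {
                name = getName(contextSubject);
            }
            LogUtils.logWss("Principal name from security context:" + name);
        }
        return name;
    }
}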
