package weblogic.xml.crypto.wss;

import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Map;
import javax.xml.namespace.QName;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import weblogic.security.service.ContextHandler;
import weblogic.xml.crypto.dsig.api.keyinfo.X509IssuerSerial;
import weblogic.xml.crypto.utils.CertUtils;
import weblogic.xml.crypto.utils.DOMUtils;
import weblogic.xml.crypto.utils.KeyUtils;
import weblogic.xml.crypto.utils.LogUtils;
import weblogic.xml.crypto.wss.api.BinarySecurityToken;
import weblogic.xml.crypto.wss.api.KeyIdentifier;
import weblogic.xml.crypto.wss.policy.ClaimsBuilder;
import weblogic.xml.dom.marshal.MarshalException;
import weblogic.xml.security.utils.Utils;

/* loaded from: input_file:weblogic/xml/crypto/wss/BSTUtils.class */
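/**
 * Helpers for WS-Security BinarySecurityToken (BST) handling: matching an
 * {@link X509Credential} against the token-selection constraints carried in a
 * {@link ContextHandler}, and marshalling a {@link BinarySecurityToken} into a DOM tree.
 *
 * <p>The {@code matches*} methods are selection predicates only: they compare
 * identifying attributes (issuer/serial, key identifier, thumbprint, subject name,
 * key name) and report mismatches through {@link LogUtils#logWss(String)}. None of
 * them validates the certificate itself (chain, validity period, revocation); that
 * must be done separately by whoever consumes the selected credential.
 *
 * <p>The class holds no mutable state.
 */
public class BSTUtils {
    private static final String POLICY_URI = "http://www.bea.com/wls90/security/policy";
    private static final QName POLICY_SUBJECT_NAME = new QName(POLICY_URI, "SubjectName");
    /** WS-Security 1.0 secext namespace; key into the prefix map given to {@link #marshalToken}. */
    private static final String WSSE_NS =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    /** WS-Security 1.0 utility namespace; key into the prefix map given to {@link #marshalToken}. */
    private static final String WSU_NS =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    /**
     * Tests whether {@code x509Credential} satisfies every token-selection constraint
     * present in {@code contextHandler}. Absent constraints are skipped; each present
     * one must pass (logical AND). Constraints are checked in the order issuer/serial,
     * key identifier, thumbprint, claims map, key name, and the first failure wins.
     *
     * @param x509Credential candidate credential; {@code null} fails any constraint that is present
     * @param contextHandler source of the constraint values, read under the
     *        {@link SecurityTokenContextHandler} keys
     * @return {@code true} if no present constraint rejects the credential
     * @throws ClassCastException if a context value is not of the type its key implies
     */
    public static boolean matches(X509Credential x509Credential, ContextHandler contextHandler) {
        Object issuerSerial = contextHandler.getValue(SecurityTokenContextHandler.ISSUER_SERIAL);
        if (issuerSerial != null && !matches((X509IssuerSerial) issuerSerial, x509Credential)) {
            return false;
        }
        Object keyId = contextHandler.getValue(SecurityTokenContextHandler.KEYID);
        if (keyId != null) {
            KeyIdentifier keyIdentifier = (KeyIdentifier) keyId;
            // A KEYID constraint is accepted if it matches either the certificate's
            // SubjectKeyIdentifier or its thumbprint.
            if (!matches(keyIdentifier, x509Credential) && !matchesThumbprint(keyIdentifier, x509Credential)) {
                return false;
            }
        }
        Object thumbprint = contextHandler.getValue(SecurityTokenContextHandler.THUMBPRINT);
        if (thumbprint != null && !matchesThumbprint((KeyIdentifier) thumbprint, x509Credential)) {
            return false;
        }
        Object claims = contextHandler.getValue(SecurityTokenContextHandler.CLAIMS_MAP);
        if (claims != null && !matches((Node) claims, x509Credential)) {
            return false;
        }
        Object keyName = contextHandler.getValue(SecurityTokenContextHandler.KEY_NAME);
        return keyName == null || matches((String) keyName, x509Credential);
    }

    /**
     * Compares a key name against the certificate's subject DN in the legacy
     * {@code getSubjectDN().getName()} form. Note this is a different string form
     * from the RFC 2253 name used by {@link #matches(Node, X509Credential)}, so the
     * same DN may match one check and not the other.
     *
     * @param keyName expected key name; {@code null} never matches
     * @param x509Credential credential whose certificate subject is compared; {@code null} never matches
     * @return {@code true} on an exact string match
     */
    private static boolean matches(String keyName, X509Credential x509Credential) {
        if (x509Credential == null) {
            LogUtils.logWss("No X509 credential available to match keyname " + keyName);
            return false;
        }
        // getSubjectDN() is deprecated in recent JDKs but is kept here because its
        // string form is what existing key names were written against.
        String subjectName = x509Credential.getCertificate().getSubjectDN().getName();
        // Routed through the module logger rather than stdout.
        LogUtils.logWss("trying to match keyname " + keyName + " and subject dn principal name " + subjectName);
        if (subjectName.equals(keyName)) {
            return true;
        }
        LogUtils.logWss("X509 certificate's subject DN does not match keyname " + keyName);
        return false;
    }

    /**
     * Tests whether the key identifier's raw bytes equal the thumbprint of the
     * credential's certificate.
     *
     * @param keyIdentifier identifier carrying the expected thumbprint bytes
     * @param x509Credential credential to check; {@code null} never matches
     * @return {@code true} if the thumbprints are equal
     */
    public static boolean matchesThumbprint(KeyIdentifier keyIdentifier, X509Credential x509Credential) {
        if (x509Credential == null) {
            return false;
        }
        return matchesThumbprint(x509Credential.getCertificate(), keyIdentifier.getIdentifier());
    }

    /**
     * Tests whether {@code expectedThumbprint} equals the thumbprint computed for
     * {@code x509Certificate} by {@link CertUtils#getThumbprint}. A failure to compute
     * the thumbprint is treated as a mismatch, not propagated.
     *
     * @param x509Certificate certificate whose thumbprint is computed
     * @param expectedThumbprint thumbprint bytes to compare against
     * @return {@code true} if the thumbprints are equal
     */
    public static boolean matchesThumbprint(X509Certificate x509Certificate, byte[] expectedThumbprint) {
        try {
            if (KeyUtils.matches(CertUtils.getThumbprint(x509Certificate), expectedThumbprint)) {
                return true;
            }
        } catch (WSSecurityException e) {
            // Still a mismatch, but record why instead of silently swallowing the cause.
            LogUtils.logWss("Could not compute X509 certificate's thumbprint: " + e.getMessage());
        }
        LogUtils.logWss("X509 certificate's thumbprint does not match.");
        return false;
    }

    /**
     * Tests whether the key identifier's raw bytes equal the SubjectKeyIdentifier
     * of the credential's certificate (as extracted by {@link Utils#getSubjectKeyIdentifier}).
     *
     * @param keyIdentifier identifier carrying the expected SubjectKeyIdentifier bytes
     * @param x509Credential credential to check; {@code null} never matches
     * @return {@code true} if the identifiers are equal
     */
    public static boolean matches(KeyIdentifier keyIdentifier, X509Credential x509Credential) {
        if (x509Credential == null) {
            return false;
        }
        byte[] subjectKeyId = Utils.getSubjectKeyIdentifier(x509Credential.getCertificate());
        if (KeyUtils.matches(keyIdentifier.getIdentifier(), subjectKeyId)) {
            return true;
        }
        LogUtils.logWss("X509 certificate's key identifier does not match.");
        return false;
    }

    /**
     * Tests whether the credential's certificate has the given serial number and an
     * issuer name accepted by {@link #matches(String, X509Certificate)}. The serial
     * number is compared first; the issuer name is only examined when it matches.
     *
     * @param x509IssuerSerial expected issuer name and serial number
     * @param x509Credential credential to check; {@code null} never matches
     * @return {@code true} if both serial number and issuer name match
     */
    public static boolean matches(X509IssuerSerial x509IssuerSerial, X509Credential x509Credential) {
        if (x509Credential == null) {
            return false;
        }
        X509Certificate certificate = x509Credential.getCertificate();
        BigInteger actualSerial = certificate.getSerialNumber();
        BigInteger expectedSerial = x509IssuerSerial.getSerialNumber();
        if (expectedSerial.equals(actualSerial)) {
            return matches(x509IssuerSerial.getIssuerName(), certificate);
        }
        LogUtils.logWss("X509 certificate's serial number " + actualSerial + " does not match " + expectedSerial);
        return false;
    }

    /**
     * Tests whether {@code issuerName} matches the certificate's issuer in either
     * its RFC 2253 form ({@code getIssuerX500Principal().getName()}) or its legacy
     * form ({@code getIssuerDN().getName()}), using the normalised comparison of
     * {@link #compareIssuerName}.
     *
     * @param issuerName expected issuer distinguished name
     * @param x509Certificate certificate whose issuer is compared
     * @return {@code true} if either issuer form matches
     */
    public static boolean matches(String issuerName, X509Certificate x509Certificate) {
        String rfc2253Issuer = x509Certificate.getIssuerX500Principal().getName();
        String legacyIssuer = x509Certificate.getIssuerDN().getName();
        boolean matched = compareIssuerName(issuerName, rfc2253Issuer)
                || compareIssuerName(issuerName, legacyIssuer);
        if (!matched) {
            LogUtils.logWss("X509 certificate's issuer name " + rfc2253Issuer + "/" + legacyIssuer
                    + " does not match " + issuerName);
        }
        return matched;
    }

    /**
     * Order-insensitive, whitespace-insensitive comparison of two distinguished names.
     *
     * <p>Each name has all whitespace removed, is split on every comma and sorted, and
     * the two RDN arrays are compared. If that fails and both names have at least three
     * RDNs, a second attempt treats an {@code S=} attribute as {@code ST=} (state or
     * province spelled two ways) via {@link #replace2ST}. The presence of {@code S=}
     * is detected on the un-normalised input as {@code " S="}, so only an {@code S=}
     * preceded by a space triggers the retry.
     *
     * <p>This is a lexical comparison, not X.500 name matching: because the split is on
     * every comma, an escaped or quoted comma inside an RDN value is split as well,
     * and attribute values are compared case-sensitively.
     *
     * @param expected expected name; {@code null} matches only a {@code null} actual name
     * @param actual name taken from the certificate
     * @return {@code true} if the names are equal under the rules above
     */
    private static boolean compareIssuerName(String expected, String actual) {
        if (expected == null) {
            return actual == null;
        }
        if (actual == null) {
            return false;
        }
        String[] expectedRdns = sortedRdns(expected);
        String[] actualRdns = sortedRdns(actual);
        if (Arrays.equals(expectedRdns, actualRdns)) {
            return true;
        }
        // The S=/ST= retry is only attempted for names with three or more RDNs.
        if (expectedRdns.length < 3 || actualRdns.length < 3) {
            return false;
        }
        boolean expectedHasS = expected.indexOf(" S=") != -1;
        boolean actualHasS = actual.indexOf(" S=") != -1;
        if (!expectedHasS && !actualHasS) {
            return false;
        }
        if (expectedHasS) {
            expectedRdns = replace2ST(expectedRdns);
        }
        if (actualHasS) {
            actualRdns = replace2ST(actualRdns);
        }
        return Arrays.equals(expectedRdns, actualRdns);
    }

    /**
     * Strips all whitespace from a DN, splits it on commas and sorts the pieces.
     *
     * @param name distinguished name, never {@code null}
     * @return sorted RDN strings (a fresh array)
     */
    private static String[] sortedRdns(String name) {
        String[] rdns = name.replaceAll("\\s", "").split(",");
        Arrays.sort(rdns);
        return rdns;
    }

    /**
     * Rewrites the highest-indexed RDN that starts with {@code S=} to start with
     * {@code ST=} instead, scanning from the end of the array down to index 2.
     * Indices 0 and 1 are never examined; this mirrors the original scan bounds and
     * is kept for compatibility.
     *
     * @param rdns sorted RDN array; modified in place
     * @return the same array instance, for chaining
     */
    private static String[] replace2ST(String[] rdns) {
        for (int i = rdns.length - 1; i > 1; i--) {
            if (rdns[i] != null && rdns[i].startsWith("S=")) {
                rdns[i] = "ST=" + rdns[i].substring(2);
                break;
            }
        }
        return rdns;
    }

    /**
     * Tests whether the credential carried by a BinarySecurityToken matches
     * {@code x509Credential}, delegating to {@link X509Credential#matches}.
     *
     * @param binarySecurityToken token whose credential is compared
     * @param x509Credential credential to compare against
     * @return result of {@link X509Credential#matches}
     * @throws ClassCastException if the token's credential is not an {@link X509Credential}
     */
    public static boolean matches(BinarySecurityToken binarySecurityToken, X509Credential x509Credential) {
        X509Credential tokenCredential = (X509Credential) binarySecurityToken.getCredential();
        return X509Credential.matches(tokenCredential, x509Credential);
    }

    /**
     * Tests whether the claims document under {@code claims} constrains the subject
     * name and, if so, whether the credential's certificate subject (RFC 2253 form)
     * equals it exactly. A claims document with no {@code SubjectName} element
     * imposes no constraint and matches.
     *
     * @param claims claims DOM node read by {@link ClaimsBuilder#getClaimFromElt}
     * @param x509Credential credential to check; {@code null} never matches
     * @return {@code true} if no subject-name claim is present or it matches exactly
     */
    public static boolean matches(Node claims, X509Credential x509Credential) {
        if (x509Credential == null) {
            return false;
        }
        X509Certificate certificate = x509Credential.getCertificate();
        String expectedSubject = ClaimsBuilder.getClaimFromElt(claims, POLICY_SUBJECT_NAME);
        if (expectedSubject == null) {
            return true;
        }
        String actualSubject = certificate.getSubjectX500Principal().getName();
        if (actualSubject.equals(expectedSubject)) {
            return true;
        }
        LogUtils.logWss("X509 certificate's subject name " + actualSubject
                + " does not match claims subject name " + expectedSubject);
        return false;
    }

    /**
     * Appends a {@code wsse:BinarySecurityToken} element for {@code binarySecurityToken}
     * under {@code parent}. The wsse and wsu prefixes are looked up in {@code prefixMap}
     * by namespace URI; a wsu:Id attribute is written only when the token has an id, a
     * ValueType attribute only when the token has a value type, and EncodingType only
     * when {@code writeEncodingType} is set.
     *
     * @param binarySecurityToken token to marshal
     * @param parent element that receives the new child
     * @param prefixMap namespace URI to prefix map (raw {@link Map} for API compatibility)
     * @param insertBefore existing child of {@code parent} to insert before, or
     *        {@code null} to append at the end
     * @param writeEncodingType whether to emit the EncodingType attribute
     * @throws MarshalException if the token's encoded value cannot be written
     *         (wraps the underlying {@link WSSecurityException})
     */
    public static void marshalToken(BinarySecurityToken binarySecurityToken, Element parent, Map prefixMap,
            Node insertBefore, boolean writeEncodingType) throws MarshalException {
        Map namespaceMap = DOMUtils.getNamespaceMap(parent);
        String wssePrefix = (String) prefixMap.get(WSSE_NS);
        String wsuPrefix = (String) prefixMap.get(WSU_NS);
        Element bst = DOMUtils.createElement(parent, WSSConstants.BST_QNAME, wssePrefix);
        DOMUtils.declareNamespace(bst, WSSConstants.BST_QNAME.getNamespaceURI(), wssePrefix);
        String id = binarySecurityToken.getId();
        if (id != null) {
            DOMUtils.addPrefixedAttribute(bst, WSSConstants.WSU_ID_QNAME, wsuPrefix, id);
            DOMUtils.declareNamespace(bst, WSSConstants.WSU_ID_QNAME.getNamespaceURI(), wsuPrefix, namespaceMap);
        }
        String valueType = binarySecurityToken.getValueType();
        if (valueType != null) {
            DOMUtils.addAttribute(bst, WSSConstants.VALUE_TYPE_QNAME, valueType);
        }
        if (writeEncodingType) {
            DOMUtils.addAttribute(bst, WSSConstants.ENCODING_TYPE_QNAME, binarySecurityToken.getEncodingType());
        }
        try {
            // The text is added before the element is attached, so a failure leaves the parent untouched.
            DOMUtils.addText(bst, binarySecurityToken.getEncodedValue());
            if (insertBefore != null) {
                parent.insertBefore(bst, insertBefore);
            } else {
                parent.appendChild(bst);
            }
        } catch (WSSecurityException e) {
            throw new MarshalException("Failed to encode BinarySecurityToken.", e);
        }
    }

    /**
     * Tests whether {@code valueType} is one of the built-in X.509 BST value types
     * listed in {@link WSSConstants#BUILTIN_BST_VALUETYPES}.
     *
     * @param valueType ValueType URI to test; {@code null} is never a match
     * @return {@code true} if the value type is a built-in one
     */
    public static boolean isX509Type(String valueType) {
        for (String builtin : WSSConstants.BUILTIN_BST_VALUETYPES) {
            if (builtin.equals(valueType)) {
                return true;
            }
        }
        return false;
    }
}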
