package weblogic.xml.crypto.utils;

import com.bea.security.utils.wss.WSSThumbprint;
import com.bea.security.utils.wss.WSSThumbprintException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import weblogic.kernel.Kernel;
import weblogic.security.pk.CertPathBuilderParameters;
import weblogic.security.pk.CertPathSelector;
import weblogic.security.pk.CertPathValidatorParameters;
import weblogic.security.pk.EndCertificateSelector;
import weblogic.security.pk.IssuerDNSerialNumberSelector;
import weblogic.security.pk.SubjectKeyIdentifierSelector;
import weblogic.security.pk.X509ThumbprintSelector;
import weblogic.security.service.ContextHandler;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.shared.LoggerWrapper;
import weblogic.security.utils.SSLContextManager;
import weblogic.utils.io.UnsyncByteArrayInputStream;
import weblogic.xml.crypto.wss.WSSecurityConfigurationException;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.security.utils.Utils;

/* loaded from: input_file:weblogic/xml/crypto/utils/CertUtils.class */
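/**
 * Static helpers for decoding, looking up and checking X.509 certificates
 * and CRLs on behalf of the XML crypto / WS-Security code.
 *
 * <p>Path building and validation are delegated to the JCA providers
 * registered under the names {@code WLSCertPathBuilder} and
 * {@code WLSCertPathValidator}. Both are used only when
 * {@link Kernel#isServer()} is true; off-server the methods log an error and
 * report failure.
 *
 * <p>All failure paths are fail-closed: a certificate or path that cannot be
 * built or validated is reported as {@code false} / {@code null}, never as
 * trusted.
 */
public class CertUtils {
    private static final LoggerWrapper logger = LoggerWrapper.getInstance("weblogic.xml.crypto.Logger");

    /** Index of the digitalSignature bit in {@link X509Certificate#getKeyUsage()}. */
    private static final int KEY_USAGE_DIGITAL_SIGNATURE = 0;

    /** Index of the keyEncipherment bit in {@link X509Certificate#getKeyUsage()}. */
    private static final int KEY_USAGE_KEY_ENCIPHERMENT = 2;

    /**
     * Decodes an encoded certificate.
     *
     * <p>NOTE(review): a decoding failure is raised as {@link AssertionError},
     * which is an {@code Error} and therefore bypasses {@code catch (Exception)}
     * handlers. If {@code bArr} can come from a received message, callers need
     * to account for that; the type is kept for compatibility.
     *
     * @param bArr encoded certificate bytes
     * @return the decoded certificate
     * @throws AssertionError if the bytes cannot be decoded; the original
     *         {@link CertificateException} is attached as the cause
     */
    public static X509Certificate getCertificate(byte[] bArr) {
        try {
            return (X509Certificate) Utils.getCertFactory().generateCertificate(new UnsyncByteArrayInputStream(bArr));
        } catch (CertificateException e) {
            // Keep the historical message, but attach the cause so the stack trace is not lost.
            throw new AssertionError("Unable to decode certificate: " + e, e);
        }
    }

    /**
     * Decodes an encoded certificate revocation list.
     *
     * @param bArr encoded CRL bytes
     * @return the decoded CRL
     * @throws AssertionError if the bytes cannot be decoded; the original
     *         {@link CRLException} is attached as the cause
     */
    public static X509CRL getCRL(byte[] bArr) {
        try {
            return (X509CRL) Utils.getCertFactory().generateCRL(new UnsyncByteArrayInputStream(bArr));
        } catch (CRLException e) {
            // Keep the historical message, but attach the cause so the stack trace is not lost.
            throw new AssertionError("Unable to decode certificate revocation list: " + e, e);
        }
    }

    /**
     * Validates a certificate path with the {@code WLSCertPathValidator}
     * provider, using the context-sensitive realm name and passing neither an
     * explicit certificate array nor a context handler.
     *
     * @param certPath the path to validate
     * @return {@code true} only if the validator accepted the path;
     *         {@code false} if validation failed, the parameters were
     *         rejected, or the code is not running on the server
     * @throws AssertionError if the validator algorithm is not registered
     */
    public static boolean validateCertPath(CertPath certPath) {
        if (!Kernel.isServer()) {
            logger.error("CertPathBuilder cannot be used off-platform");
            return false;
        }
        try {
            CertPathValidator.getInstance("WLSCertPathValidator").validate(certPath, new CertPathValidatorParameters(SecurityServiceManager.getContextSensitiveRealmName(), (X509Certificate[]) null, (ContextHandler) null));
            return true;
        } catch (InvalidAlgorithmParameterException e) {
            // Record why the path was rejected; a silent false hides both
            // misconfiguration and rejected certificates from operators.
            logger.error("CertPathValidator rejected the validation parameters", e);
            return false;
        } catch (CertPathValidatorException e2) {
            logger.error("Failed to validate CertPath", e2);
            return false;
        } catch (NoSuchAlgorithmException e3) {
            throw new AssertionError(e3);
        }
    }

    /**
     * Reports whether a certificate path can be built for the given end
     * certificate.
     *
     * <p>NOTE(review): this only checks that the builder returned a result;
     * which checks the builder itself performs is not visible here - confirm
     * before treating {@code true} as a full trust decision.
     *
     * @param x509Certificate the end certificate
     * @return {@code true} if a path was built, {@code false} otherwise
     */
    public static boolean validateCertificate(X509Certificate x509Certificate) {
        return buildCertPath(new EndCertificateSelector(x509Certificate)) != null;
    }

    /**
     * Looks up a certificate using an {@link X509ThumbprintSelector}.
     *
     * @param str value passed to the thumbprint selector
     * @return the first certificate of the built path, or {@code null}
     */
    public static X509Certificate lookupCertificate(String str) {
        return lookupCertificate((CertPathSelector) new X509ThumbprintSelector(str));
    }

    /**
     * Looks up a certificate using an {@link IssuerDNSerialNumberSelector}.
     *
     * @param str value passed to the selector as the issuer DN
     * @param bigInteger value passed to the selector as the serial number
     * @return the first certificate of the built path, or {@code null}
     */
    public static X509Certificate lookupCertificate(String str, BigInteger bigInteger) {
        return lookupCertificate((CertPathSelector) new IssuerDNSerialNumberSelector(str, bigInteger));
    }

    /**
     * Looks up a certificate using a {@link SubjectKeyIdentifierSelector}.
     *
     * @param bArr value passed to the subject key identifier selector
     * @return the first certificate of the built path, or {@code null}
     */
    public static X509Certificate lookupCertificate(byte[] bArr) {
        return lookupCertificate((CertPathSelector) new SubjectKeyIdentifierSelector(bArr));
    }

    /**
     * Builds a certificate path for the selector and returns its first
     * certificate.
     *
     * @param certPathSelector selector describing the certificate to find
     * @return the first certificate of the built path, or {@code null} if no
     *         path could be built, the path is empty, or the first entry is
     *         not an {@link X509Certificate}
     */
    public static X509Certificate lookupCertificate(CertPathSelector certPathSelector) {
        CertPathBuilderResult result = buildCertPath(certPathSelector);
        if (result == null) {
            return null;
        }
        CertPath path = result.getCertPath();
        // An empty path would make get(0) throw; treat it as "not found".
        if (path == null || path.getCertificates().isEmpty()) {
            return null;
        }
        Certificate first = path.getCertificates().get(0);
        if (first instanceof X509Certificate) {
            return (X509Certificate) first;
        }
        return null;
    }

    /**
     * Builds a certificate path with the {@code WLSCertPathBuilder} provider,
     * using the context-sensitive realm name.
     *
     * @return the builder result, or {@code null} when running off-server,
     *         when the selector type is not supported, or when no path could
     *         be built (each case is logged)
     * @throws AssertionError if the builder algorithm is not registered
     */
    private static CertPathBuilderResult buildCertPath(CertPathSelector certPathSelector) {
        if (!Kernel.isServer()) {
            logger.error("CertPathBuilder cannot be used off-platform");
            return null;
        }
        try {
            return CertPathBuilder.getInstance("WLSCertPathBuilder").build(new CertPathBuilderParameters(SecurityServiceManager.getContextSensitiveRealmName(), certPathSelector, (X509Certificate[]) null, (ContextHandler) null));
        } catch (InvalidAlgorithmParameterException e) {
            logger.error("CertPathBuilder does not support building cert path from " + certPathSelector.getClass(), e);
            return null;
        } catch (CertPathBuilderException e2) {
            logger.error("Failed to build CertPath", e2);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            throw new AssertionError(e3);
        }
    }

    /**
     * Reports whether the certificate may be used for digital signatures.
     *
     * @param x509Certificate the certificate to inspect
     * @return {@code true} if the certificate has no KeyUsage extension or
     *         its digitalSignature bit is set
     */
    public static boolean supportsSign(X509Certificate x509Certificate) {
        return keyUsageAllows(x509Certificate, KEY_USAGE_DIGITAL_SIGNATURE);
    }

    /**
     * Reports whether the certificate may be used for key encipherment.
     *
     * @param x509Certificate the certificate to inspect
     * @return {@code true} if the certificate has no KeyUsage extension or
     *         its keyEncipherment bit is set
     */
    public static boolean supportsKeyEncrypt(X509Certificate x509Certificate) {
        return keyUsageAllows(x509Certificate, KEY_USAGE_KEY_ENCIPHERMENT);
    }

    /** Checks one KeyUsage bit; an absent extension places no restriction. */
    private static boolean keyUsageAllows(X509Certificate x509Certificate, int bit) {
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage == null) {
            return true;
        }
        // A provider may return fewer entries than expected; a bit that is
        // not present is not asserted, so deny instead of indexing past the end.
        return bit < keyUsage.length && keyUsage[bit];
    }

    /**
     * Returns the server's trusted CA certificates from
     * {@link SSLContextManager#getServerTrustedCAs()}.
     *
     * @return the trusted CA certificates
     * @throws WSSecurityConfigurationException if they cannot be obtained;
     *         the underlying failure is logged before this is thrown
     */
    public static X509Certificate[] getTrustedCAs() throws WSSecurityConfigurationException {
        try {
            return SSLContextManager.getServerTrustedCAs();
        } catch (Exception e) {
            // The thrown exception carries no cause, so log it here or the
            // reason the trust store could not be read is lost.
            logger.error("Failed to get trusted CAs.", e);
            throw new WSSecurityConfigurationException("Failed to get trusted CAs.");
        }
    }

    /**
     * Computes the certificate thumbprint with
     * {@link WSSThumbprint#generateThumbprint} and passes it through
     * {@code weblogic.xml.crypto.encrypt.Utils.base64}.
     *
     * @param x509Certificate the certificate to fingerprint
     * @return the result of the base64 helper applied to the thumbprint
     * @throws WSSecurityException wrapping any {@link WSSThumbprintException}
     */
    public static final byte[] getThumbprint(X509Certificate x509Certificate) throws WSSecurityException {
        try {
            return weblogic.xml.crypto.encrypt.Utils.base64(WSSThumbprint.generateThumbprint(x509Certificate));
        } catch (WSSThumbprintException e) {
            throw new WSSecurityException((Exception) e);
        }
    }
}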
