package weblogic.wsee.security.serviceref;

import java.security.AccessController;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import weblogic.security.KeyPairCredential;
import weblogic.security.PublicCertCredential;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.ContextHandler;
import weblogic.security.service.PrivilegedActions;
import weblogic.wsee.security.bst.BSTCredentialProvider;
import weblogic.xml.crypto.wss.X509Credential;
import weblogic.xml.crypto.wss.provider.Purpose;

/* loaded from: input_file:weblogic/wsee/security/serviceref/ServiceRefBSTCredProv.class */
public class ServiceRefBSTCredProv extends BSTCredentialProvider {
    private static final AuthenticatedSubject kernelID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());

    @Override // weblogic.xml.crypto.wss.provider.CredentialProvider
    public Object getCredential(String str, String str2, ContextHandler contextHandler, Purpose purpose) {
        Object credential;
        if (isForVerification(purpose) || isForEncryption(purpose)) {
            Object credential2 = ServiceRefUtils.getCredential(kernelID, "weblogic.pki.TrustedCertificate", str2, contextHandler);
            if (credential2 != null) {
                return new X509Credential((X509Certificate) ((PublicCertCredential) credential2).getCertificate());
            }
            return null;
        }
        if ((purpose != null && !isForIdentity(purpose) && !isForSigning(purpose) && !isForResponseEncryption(purpose) && !isForDecryption(purpose)) || (credential = ServiceRefUtils.getCredential(kernelID, "weblogic.pki.Keypair", str2, contextHandler)) == null) {
            return null;
        }
        KeyPairCredential keyPairCredential = (KeyPairCredential) credential;
        return new X509Credential((X509Certificate) keyPairCredential.getCertificate(), (PrivateKey) keyPairCredential.getKey());
    }
}
