package weblogic.wsee.security.util;

import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.rpc.handler.MessageContext;
import weblogic.wsee.security.bst.ClientBSTCredentialProvider;
import weblogic.xml.crypto.wss.SecurityTokenContextHandler;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.X509Credential;
import weblogic.xml.crypto.wss.provider.CredentialProvider;
import weblogic.xml.crypto.wss.provider.Purpose;
import weblogic.xml.security.utils.Utils;

/* loaded from: input_file:weblogic/wsee/security/util/BSTCredentialProviderUtil.class */
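/**
 * Diagnostic and lookup helpers for the X.509v3 binary security token (BST)
 * credential provider attached to a web-service message context.
 *
 * <p>Everything written by {@link #dumpBST} and most of what is written by
 * {@link #findX509Credential} goes to the class logger at {@code FINE}; only a
 * failed credential lookup is reported at {@code WARNING}.
 */
public class BSTCredentialProviderUtil {
    private static final Logger LOGGER = Logger.getLogger(BSTCredentialProviderUtil.class.getName());

    /** Value-type URI identifying an X.509v3 token in the WS-Security X.509 token profile 1.0. */
    private static final String X509V3_VALUE_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";

    /**
     * Logs, at {@code FINE}, which X.509v3 credential provider (if any) is registered
     * for the given message context.
     *
     * <p>This method is best-effort diagnostics: it returns immediately when
     * {@code FINE} is disabled, and any exception raised while inspecting the context
     * is logged and not propagated.
     *
     * @param str label written at the start of the dump
     * @param messageContext context whose credential providers are inspected
     */
    public static void dumpBST(String str, MessageContext messageContext) {
        // Every statement below only feeds FINE log records, so skip the provider
        // lookup, the string concatenation and the toString() calls when FINE is off.
        if (!LOGGER.isLoggable(Level.FINE)) {
            return;
        }
        try {
            // NOTE(review): str is written to the log unmodified; if callers can pass
            // text derived from a request, strip CR/LF before logging - confirm at call sites.
            LOGGER.log(Level.FINE, "BST --" + str);
            Map<?, ?> credentialProviders = WSSecurityContext.getCredentialProviders(messageContext);
            if (credentialProviders == null) {
                LOGGER.log(Level.FINE, "No crdential provider found");
                return;
            }
            CredentialProvider credentialProvider = (CredentialProvider) credentialProviders.get(X509V3_VALUE_TYPE);
            if (credentialProvider == null) {
                LOGGER.log(Level.FINE, "No X509V3 crdential provider found");
            } else if (credentialProvider instanceof ClientBSTCredentialProvider) {
                LOGGER.log(Level.FINE, "ClientBSTCredentialProvider CP =" + credentialProvider.toString() + "\n");
            } else {
                LOGGER.log(Level.FINE, "CredentialProvider CP =" + credentialProvider.toString() + "\n");
            }
        } catch (Exception e) {
            // Deliberately broad: a diagnostic dump must never break message processing.
            LOGGER.log(Level.FINE, e.getMessage(), e);
        }
    }

    /**
     * Returns the signing credential of the X.509v3 credential provider when its
     * certificate equals the given certificate.
     *
     * <p>The credential is requested from the security context's required X.509v3
     * provider with {@link Purpose#SIGN}. The method fails closed: it returns
     * {@code null} when there is no security context, when the provider yields no
     * {@link X509Credential}, when the certificates differ, when
     * {@code x509Certificate} is {@code null}, or when the lookup throws
     * {@link WSSecurityException}.
     *
     * @param messageContext context holding the WS-Security state
     * @param x509Certificate certificate the credential must carry
     * @return the matching credential, or {@code null} if none matches
     */
    public static X509Credential findX509Credential(MessageContext messageContext, X509Certificate x509Certificate) {
        boolean fine = LOGGER.isLoggable(Level.FINE);
        if (fine) {
            LOGGER.log(Level.FINE, "Finding ClientBSTCredentialProvider that has X509 cert =" + dumpX509CertInfo(x509Certificate));
        }
        WSSecurityContext securityContext = WSSecurityContext.getSecurityContext(messageContext);
        if (securityContext == null) {
            if (fine) {
                LOGGER.log(Level.FINE, "No securityContext found");
            }
            return null;
        }
        try {
            Object credential = securityContext.getRequiredCredentialProvider(X509V3_VALUE_TYPE)
                    .getCredential(X509V3_VALUE_TYPE, null, new SecurityTokenContextHandler(securityContext), Purpose.SIGN);
            // instanceof is false for null, so this also covers a missing credential.
            if (!(credential instanceof X509Credential)) {
                if (fine) {
                    // NOTE(review): this relies on the credential's toString(); confirm it
                    // does not render private key material before enabling FINE in production.
                    LOGGER.log(Level.FINE, "Unable to find the X509 credentail for valueType = " + X509V3_VALUE_TYPE + " credential is " + credential);
                }
                return null;
            }
            X509Credential x509Credential = (X509Credential) credential;
            // A null expected certificate can never match; treating it as "no match"
            // avoids a NullPointerException and keeps the lookup fail-closed.
            if (x509Certificate != null && x509Certificate.equals(x509Credential.getCertificate())) {
                if (fine) {
                    LOGGER.log(Level.FINE, "Found the credendtial for the given X509 cert");
                }
                return x509Credential;
            }
            if (fine) {
                // NOTE(review): same toString() exposure question as above.
                LOGGER.log(Level.FINE, "Unable to find the matched X509 credentail for valueType = " + X509V3_VALUE_TYPE + " credential found was " + x509Credential);
            }
            return null;
        } catch (WSSecurityException e) {
            // Report through the logger instead of printStackTrace(), so the failure
            // follows the configured handlers and is still visible when FINE is off.
            LOGGER.log(Level.WARNING, "Failed to obtain the X509 credential for valueType = " + X509V3_VALUE_TYPE, e);
            return null;
        }
    }

    /**
     * Builds a one-line description of a certificate for log output, in the form
     * {@code <subject DN> SKI=<base64 or Null> TP=<base64 thumbprint>}.
     *
     * <p>Only the subject DN, subject key identifier and thumbprint are rendered.
     * If any of them cannot be read, the text built so far is returned with
     * {@code "? exception=<message>"} appended.
     *
     * @param x509Certificate certificate to describe; may be {@code null}
     * @return the description, or {@code "Null"} for a {@code null} certificate
     */
    public static String dumpX509CertInfo(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return "Null";
        }
        // The builder never leaves this method, so the unsynchronized StringBuilder suffices.
        StringBuilder info = new StringBuilder();
        try {
            // getSubjectDN() is kept (rather than getSubjectX500Principal()) so the
            // rendered subject stays in the format existing log consumers see.
            info.append(x509Certificate.getSubjectDN());
            info.append(" SKI=");
            byte[] subjectKeyIdentifier = Utils.getSubjectKeyIdentifier(x509Certificate);
            if (subjectKeyIdentifier == null || subjectKeyIdentifier.length == 0) {
                info.append("Null");
            } else {
                info.append(Utils.toBase64(subjectKeyIdentifier));
            }
            info.append(" TP=");
            info.append(Utils.toBase64(weblogic.xml.crypto.utils.CertUtils.getThumbprint(x509Certificate)));
        } catch (Exception e) {
            // Best-effort: a certificate that cannot be fully described still yields a string.
            info.append("? exception=" + e.getMessage());
        }
        return info.toString();
    }
}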
