package weblogic.wsee.security.bst;

import java.io.Serializable;
import java.security.PrivateKey;
import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import weblogic.security.service.ContextHandler;
import weblogic.wsee.security.util.CertUtils;
import weblogic.xml.crypto.wss.BSTUtils;
import weblogic.xml.crypto.wss.X509Credential;
import weblogic.xml.crypto.wss.provider.Purpose;

/* loaded from: input_file:weblogic/wsee/security/bst/ClientBSTCredentialProvider.class */
public class ClientBSTCredentialProvider extends BST11CredentialProvider implements Serializable {
    X509Credential clientCredential;
    X509Credential serverPublicCert;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ClientBSTCredentialProvider() {
    }

    public ClientBSTCredentialProvider(String str, String str2, String str3, String str4) throws Exception {
        this(str, str2, str3, str4, "JKS", null);
    }

    public ClientBSTCredentialProvider(String str, String str2, String str3, String str4, String str5) throws Exception {
        this(str, str2, str3, str4, str5, null);
    }

    public ClientBSTCredentialProvider(String str, String str2, String str3, String str4, String str5, X509Certificate x509Certificate) throws Exception {
        this((X509Certificate) CertUtils.getCertificate(str, str2, str3, str5).get(0), CertUtils.getPrivateKey(str3, str4, str, str5, str2), x509Certificate);
    }

    public ClientBSTCredentialProvider(String str, String str2) throws Exception {
        this(CertUtils.getCertificate(str), CertUtils.getPKCS8PrivateKey(str2), (X509Certificate) null);
    }

    public ClientBSTCredentialProvider(String str, String str2, String str3) throws Exception {
        this(CertUtils.getCertificate(str), CertUtils.getPKCS8PrivateKey(str2), CertUtils.getCertificate(str3));
    }

    public ClientBSTCredentialProvider(X509Certificate x509Certificate, PrivateKey privateKey, X509Certificate x509Certificate2) {
        this.clientCredential = new X509Credential(x509Certificate, privateKey);
        if (x509Certificate2 != null) {
            this.serverPublicCert = new X509Credential(x509Certificate2);
        }
    }

    public ClientBSTCredentialProvider(CertPath certPath, PrivateKey privateKey) {
        this.clientCredential = new X509Credential(certPath, privateKey);
    }

    public ClientBSTCredentialProvider(X509Certificate x509Certificate, CertPath certPath, PrivateKey privateKey) {
        this.clientCredential = new X509Credential(certPath, privateKey);
        if (x509Certificate != null) {
            this.serverPublicCert = new X509Credential(x509Certificate);
        }
    }

    public void setServerCertificate(X509Certificate x509Certificate) {
        if (x509Certificate != null) {
            this.serverPublicCert = new X509Credential(x509Certificate);
        } else {
            this.serverPublicCert = null;
        }
    }

    @Override // weblogic.xml.crypto.wss.provider.CredentialProvider
    public Object getCredential(String str, String str2, ContextHandler contextHandler, Purpose purpose) {
        if (this.serverPublicCert != null && ((purpose == null || isForEncryption(purpose) || isForVerification(purpose)) && BSTUtils.matches(this.serverPublicCert, contextHandler))) {
            return this.serverPublicCert;
        }
        if (this.clientCredential == null) {
            return null;
        }
        if (purpose != null && !isForIdentity(purpose) && !isForSigning(purpose) && !isForResponseEncryption(purpose) && !isForDecryption(purpose)) {
            return null;
        }
        if ((str2 == null || this.clientCredential.getCertificate().getIssuerX500Principal().getName().equals(str2)) && BSTUtils.matches(this.clientCredential, contextHandler)) {
            return this.clientCredential;
        }
        return null;
    }

    public ClientBSTCredentialProvider cloneAndReplaceServerCert(X509Certificate x509Certificate) {
        ClientBSTCredentialProvider clientBSTCredentialProvider;
        try {
            clientBSTCredentialProvider = (ClientBSTCredentialProvider) clone();
        } catch (CloneNotSupportedException e) {
            clientBSTCredentialProvider = this.clientCredential != null ? new ClientBSTCredentialProvider(this.clientCredential.getCertificate(), this.clientCredential.getPrivateKey(), x509Certificate) : new ClientBSTCredentialProvider((X509Certificate) null, (PrivateKey) null, x509Certificate);
        }
        clientBSTCredentialProvider.setServerCertificate(x509Certificate);
        return clientBSTCredentialProvider;
    }

    public String toString() {
        String str;
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("[ClientBSTCredentialProvider: clientCred=");
        if (this.clientCredential == null || this.clientCredential.getCertificate() == null) {
            str = "none";
        } else {
            str = this.clientCredential.getCertificate().getSubjectDN() + " keyIsNull=" + (this.clientCredential.getPrivateKey() != null);
        }
        stringBuffer.append(str);
        stringBuffer.append(" serverCert=");
        stringBuffer.append((this.serverPublicCert == null || this.serverPublicCert.getCertificate() == null) ? "none" : this.serverPublicCert.getCertificate().getSubjectDN());
        stringBuffer.append("]");
        return stringBuffer.toString();
    }
}
