package weblogic.xml.crypto.wss11.internal.bst;

import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import javax.xml.namespace.QName;
import weblogic.xml.crypto.encrypt.Utils;
import weblogic.xml.crypto.utils.CertUtils;
import weblogic.xml.crypto.wss.BSTUtils;
import weblogic.xml.crypto.wss.BinarySecurityTokenHandler;
import weblogic.xml.crypto.wss.SecurityTokenContextHandler;
import weblogic.xml.crypto.wss.WSSConstants;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.X509Credential;
import weblogic.xml.crypto.wss.api.BinarySecurityToken;
import weblogic.xml.crypto.wss.api.KeyIdentifier;
import weblogic.xml.crypto.wss.provider.Purpose;
import weblogic.xml.crypto.wss.provider.SecurityToken;
import weblogic.xml.crypto.wss.provider.SecurityTokenReference;
import weblogic.xml.crypto.wss11.internal.WSS11Constants;

/* loaded from: input_file:weblogic/xml/crypto/wss11/internal/bst/BSTHandler.class */
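/**
 * Binary security token handler for the {@code wss11} package.
 *
 * <p>Extends {@link BinarySecurityTokenHandler} and adds {@link WSS11Constants#THUMBPRINT_URI}
 * to the value types it reports. When a key identifier carries that value type, matching and
 * certificate lookup go through the thumbprint-specific helpers instead of the default ones.
 */
public class BSTHandler extends BinarySecurityTokenHandler {
    /** Value types reported by {@link #getValueTypes()}; never handed out directly. */
    private static final String[] VALUE_TYPES = {
        WSSConstants.VALUE_TYPE_X509V3,
        WSSConstants.VALUE_TYPE_X509V1,
        WSSConstants.VALUE_TYPE_X509PKI,
        WSSConstants.VALUE_TYPE_PKCS7,
        WSSConstants.VALUE_TYPE_X509DATA,
        WSS11Constants.THUMBPRINT_URI
    };

    /**
     * Resolves the security token that a key identifier refers to.
     *
     * <p>Resolution order:
     * <ol>
     *   <li>the first entry of {@code list} that is a {@link BinarySecurityToken} and whose
     *       credential matches the key identifier, returned through {@code amend};</li>
     *   <li>a credential obtained from {@code getCredential} with
     *       {@link SecurityTokenContextHandler#KEYID};</li>
     *   <li>a certificate found by {@link #lookupCertificate(byte[], String)}.</li>
     * </ol>
     *
     * @param keyIdentifier the key identifier to resolve
     * @param str forwarded unchanged to {@code getCredential} and {@code getToken}
     *     (presumably the token value type; confirm against the parent class)
     * @param str2 compared with {@link WSS11Constants#THUMBPRINT_URI} to choose between
     *     thumbprint and default matching/lookup
     * @param list candidate tokens; every element is cast to {@link SecurityToken}
     * @param purpose forwarded to {@code amend} and {@code getCredential}
     * @param wSSecurityContext forwarded to {@code amend}, {@code getCredential} and
     *     {@code getToken}
     * @return the resolved token
     * @throws WSSecurityException with {@link WSSConstants#FAILURE_TOKEN_UNAVAILABLE} when none
     *     of the three sources yields a token
     */
    @Override
    protected SecurityToken getTokenByKeyId(KeyIdentifier keyIdentifier, String str, String str2, List list, Purpose purpose, WSSecurityContext wSSecurityContext) throws WSSecurityException {
        for (Object candidate : list) {
            SecurityToken securityToken = (SecurityToken) candidate;
            if (!(securityToken instanceof BinarySecurityToken)) {
                continue;
            }
            // NOTE(review): the credential is cast without a type check. This assumes every
            // BinarySecurityToken carries an X509Credential; confirm, otherwise a
            // ClassCastException escapes from here instead of a WSSecurityException.
            X509Credential tokenCredential = (X509Credential) securityToken.getCredential();
            if (matches(keyIdentifier, str2, tokenCredential)) {
                return amend((BinarySecurityToken) securityToken, purpose, wSSecurityContext);
            }
        }

        // NOTE(review): the two fallbacks below build a token from a credential or certificate
        // that was not among the candidate tokens. No validity or trust check on it is visible
        // in this class; confirm that getToken or the caller validates it before it is relied on.
        Object credential = getCredential(SecurityTokenContextHandler.KEYID, keyIdentifier, str, purpose, wSSecurityContext);
        if (credential != null) {
            return getToken(credential, str, wSSecurityContext);
        }

        X509Certificate certificate = lookupCertificate(keyIdentifier.getIdentifier(), str2);
        if (certificate != null) {
            return getToken(certificate, str, wSSecurityContext);
        }

        throw new WSSecurityException("Failed to resolve security token from key identifier " + keyIdentifier, WSSConstants.FAILURE_TOKEN_UNAVAILABLE);
    }

    /**
     * Creates a security token reference for the given token.
     *
     * @param qName forwarded to the {@code BSTR} constructor
     * @param str forwarded to the {@code BSTR} constructor
     * @param securityToken the token to reference; may be {@code null}
     * @return a new {@code BSTR}, or {@code null} when {@code securityToken} is {@code null}
     * @throws WSSecurityException declared by the overridden method
     */
    @Override
    public SecurityTokenReference getSTR(QName qName, String str, SecurityToken securityToken) throws WSSecurityException {
        return securityToken == null ? null : new BSTR(qName, str, securityToken);
    }

    /**
     * Looks up a certificate through {@link CertUtils}.
     *
     * @param bArr the raw key identifier bytes
     * @param str the key identifier value type; when it equals
     *     {@link WSS11Constants#THUMBPRINT_URI} the bytes are Base64-encoded and the
     *     string-based lookup is used, otherwise the byte-based lookup is used
     * @return the value returned by {@code CertUtils.lookupCertificate}; the caller treats
     *     {@code null} as "not found"
     */
    private static X509Certificate lookupCertificate(byte[] bArr, String str) {
        if (WSS11Constants.THUMBPRINT_URI.equals(str)) {
            return CertUtils.lookupCertificate(Utils.toBase64(bArr));
        }
        return CertUtils.lookupCertificate(bArr);
    }

    /**
     * Tests whether a credential corresponds to a key identifier.
     *
     * @param keyIdentifier the key identifier to compare against
     * @param str the key identifier value type; {@link WSS11Constants#THUMBPRINT_URI} selects
     *     {@code BSTUtils.matchesThumbprint}, anything else (including {@code null}) selects
     *     {@code BSTUtils.matches}
     * @param x509Credential the credential to test
     * @return the result of the selected {@link BSTUtils} comparison
     */
    public static boolean matches(KeyIdentifier keyIdentifier, String str, X509Credential x509Credential) {
        if (WSS11Constants.THUMBPRINT_URI.equals(str)) {
            return BSTUtils.matchesThumbprint(keyIdentifier, x509Credential);
        }
        return BSTUtils.matches(keyIdentifier, x509Credential);
    }

    /**
     * Returns the value types this handler reports.
     *
     * @return a fresh copy of the value-type array on every call
     */
    @Override
    public String[] getValueTypes() {
        // Return a copy: handing out the shared static array would let any caller rewrite the
        // value types reported by every BSTHandler in the JVM.
        return VALUE_TYPES.clone();
    }
}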
