package weblogic.xml.crypto.wss;

import java.security.AccessController;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import weblogic.security.SimpleCallbackHandler;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.xml.crypto.wss.api.UsernameToken;

/* loaded from: input_file:weblogic/xml/crypto/wss/SecurityUtils.class */
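/**
 * Static helpers that turn WS-Security credentials (X.509 certificate chains and
 * UsernameTokens) into authenticated subjects by delegating to a
 * {@link PrincipalAuthenticator} obtained from {@link SecurityServiceManager}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #assertIdentity(X509Certificate[], String)} returns {@code null} instead of
 *       throwing when the authenticator raises {@link ClassCastException} or
 *       {@link SecurityException}. A {@code null} result must be treated as a failed
 *       authentication, never as "no identity required".</li>
 *   <li>{@link #assertIdentity(UsernameToken, String)} never returns {@code null}; every
 *       failure path ends in a {@link WSSecurityException} carrying
 *       {@code WSSConstants.FAILURE_AUTH}.</li>
 *   <li>The kernel identity held in {@code KERNEL_ID} is only used to look up the
 *       authentication service and is not exposed outside this class.</li>
 * </ul>
 *
 * <p>Thread-safety: the authenticator cache is a plain {@link HashMap}; all access to it is
 * guarded by a lock on the map so the public static methods can be called concurrently.
 */
public class SecurityUtils {
    // Kernel identity obtained once, inside a privileged block, at class initialisation.
    private static final AuthenticatedSubject KERNEL_ID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());

    // Cache of authenticators keyed by the name passed to getSecurityService
    // (presumably the security realm name -- confirm against SecurityServiceManager).
    // Guarded by synchronized (AUTHENTICATORS).
    private static final Map<String, PrincipalAuthenticator> AUTHENTICATORS = new HashMap<String, PrincipalAuthenticator>();

    /**
     * Asserts an identity from an X.509 certificate array using the "X.509" token type.
     *
     * @param x509CertificateArr certificates handed to the authenticator as the token
     * @param str name used to select the authenticator; {@code null} selects
     *            {@code "weblogicDEFAULT"}
     * @return the authenticated subject, or {@code null} when the authenticator throws
     *         {@link ClassCastException} or {@link SecurityException}; callers must reject
     *         the request on {@code null}
     * @throws LoginException if the authenticator reports a login failure
     */
    public static AuthenticatedSubject assertIdentity(X509Certificate[] x509CertificateArr, String str) throws LoginException {
        try {
            return getPrincipalAuthenticator(str).assertIdentity("X.509", x509CertificateArr);
        } catch (ClassCastException ignored) {
            // Existing contract: this failure is reported as "no subject".
            // NOTE(review): the cause is discarded here, so the failure leaves no trace
            // unless the caller records it -- consider logging where a logger is available.
            return null;
        } catch (SecurityException ignored) {
            // Existing contract: this failure is reported as "no subject".
            return null;
        }
    }

    /**
     * Authenticates a UsernameToken. A token whose password type equals
     * {@code WSSConstants.PASSWORD_TYPE_TEXT} is authenticated with its username and password;
     * any other non-null type is passed to the authenticator as a "wsse:PasswordDigest" token.
     *
     * @param usernameToken the token taken from the message
     * @param str name used to select the authenticator; {@code null} selects
     *            {@code "weblogicDEFAULT"}
     * @return the authenticated {@link Subject}, never {@code null}
     * @throws WSSecurityException with {@code WSSConstants.FAILURE_AUTH} if the token has no
     *         password type, if authentication fails, or if no subject is produced
     */
    public static Subject assertIdentity(UsernameToken usernameToken, String str) throws WSSecurityException {
        // Fail closed on a token without a password type: the original dereferenced the
        // value directly, so a missing type surfaced as an unchecked NullPointerException
        // instead of the authentication failure callers are written to handle.
        if (usernameToken.getPasswordType() == null) {
            throw new WSSecurityException("Failed to assert identity with UsernameToken.", WSSConstants.FAILURE_AUTH);
        }
        try {
            AuthenticatedSubject authenticated;
            if (usernameToken.getPasswordType().equals(WSSConstants.PASSWORD_TYPE_TEXT)) {
                authenticated = assertId(usernameToken.getUsername(), usernameToken.getPassword(), str);
            } else {
                authenticated = assertId(usernameToken, str);
            }
            Subject subject = (authenticated != null) ? authenticated.getSubject() : null;
            if (subject == null) {
                throw new WSSecurityException("Failed to get subject from UsernameToken.", WSSConstants.FAILURE_AUTH);
            }
            return subject;
        } catch (LoginException e) {
            // The message is deliberately generic so the response does not reveal why the
            // login failed.
            // NOTE(review): the LoginException is dropped; if WSSecurityException offers a
            // constructor that accepts a cause, pass `e` so the reason stays in server logs.
            throw new WSSecurityException("Failed to assert identity with UsernameToken.", WSSConstants.FAILURE_AUTH);
        }
    }

    /**
     * Authenticates a username/password pair through a {@link SimpleCallbackHandler}.
     * The password array is passed on as received; this method does not clear it.
     */
    private static AuthenticatedSubject assertId(String str, byte[] bArr, String str2) throws LoginException {
        return getPrincipalAuthenticator(str2).authenticate(new SimpleCallbackHandler(str, bArr));
    }

    /** Asserts an identity by handing the whole token over as a "wsse:PasswordDigest" token. */
    private static AuthenticatedSubject assertId(UsernameToken usernameToken, String str) throws LoginException {
        return getPrincipalAuthenticator(str).assertIdentity("wsse:PasswordDigest", usernameToken);
    }

    /**
     * Returns the cached authenticator for {@code str}, looking it up through
     * {@link SecurityServiceManager} with the kernel identity on a cache miss.
     *
     * @param str authenticator name; {@code null} is replaced by {@code "weblogicDEFAULT"}
     */
    private static PrincipalAuthenticator getPrincipalAuthenticator(String str) {
        final String key = (str == null) ? "weblogicDEFAULT" : str;
        // HashMap is not safe for concurrent get/put; this cache is static and reachable
        // from every public entry point, so each map access is taken under the lock.
        synchronized (AUTHENTICATORS) {
            PrincipalAuthenticator cached = AUTHENTICATORS.get(key);
            if (cached != null) {
                return cached;
            }
        }
        // The lookup runs outside the lock so no external code executes while it is held.
        // Two racing threads may both perform the lookup; the later put simply wins.
        PrincipalAuthenticator resolved = (PrincipalAuthenticator) SecurityServiceManager.getSecurityService(getKernelID(), key, SecurityService.ServiceType.AUTHENTICATION);
        synchronized (AUTHENTICATORS) {
            AUTHENTICATORS.put(key, resolved);
        }
        return resolved;
    }

    /** Returns the kernel identity; kept private so it cannot be obtained through this class. */
    private static AuthenticatedSubject getKernelID() {
        return KERNEL_ID;
    }

    /**
     * Reports whether the default authenticator ({@code "weblogicDEFAULT"}) supports the
     * given token type.
     */
    public static boolean isTokenTypeSupported(String str) {
        return getPrincipalAuthenticator(null).isTokenTypeSupported(str);
    }

    /** Reports whether the default authenticator supports "wsse:PasswordDigest" tokens. */
    public static boolean isPasswordDigestSupported() {
        return isTokenTypeSupported("wsse:PasswordDigest");
    }

    /** Reports whether the default authenticator supports "X.509" tokens. */
    public static boolean isX509Supported() {
        return isTokenTypeSupported("X.509");
    }

    /** Reports whether the default authenticator supports "SAML.Assertion.DOM" tokens. */
    public static boolean isSAMLTokenSupported() {
        return isTokenTypeSupported("SAML.Assertion.DOM");
    }
}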
