package weblogic.wsee.server.servlet;

import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import weblogic.management.configuration.SSLMBean;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.servlet.internal.WebAppServletContext;
import weblogic.utils.http.HttpParsing;
import weblogic.wsee.policy.framework.NormalizedExpression;
import weblogic.wsee.policy.framework.PolicyAlternative;
import weblogic.wsee.security.wssp.HttpsTokenAssertion;
import weblogic.wsee.security.wssp.SecurityPolicyAssertionInfo;
import weblogic.wsee.security.wssp.SecurityPolicyAssertionInfoFactory;
import weblogic.wsee.security.wssp.TransportBindingInfo;
import weblogic.wsee.util.MBeanUtil;
import weblogic.wsee.util.MimeHeadersUtil;
import weblogic.wsee.util.ServerSecurityHelper;

/* loaded from: input_file:weblogic/wsee/server/servlet/SecurityHelper.class */
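/**
 * Helpers for the web-services servlet layer: derive the caller's identity from an HTTP
 * request (authentication header or TLS client certificate) and query the transport-level
 * requirements of a WS-SecurityPolicy expression.
 *
 * <p>Instances only carry the security realm name of the web application they were created
 * for; every other method is static.
 */
public class SecurityHelper {
    // Header name is defined by MimeHeadersUtil.AUTH_HEADER (presumably "Authorization" - confirm there).
    private static final String AUTHENTICATION_HEADER = MimeHeadersUtil.AUTH_HEADER;

    // Request attribute under which the client certificate chain is looked up.
    private static final String CLIENT_CERT_ATTRIBUTE = "javax.servlet.request.X509Certificate";

    private final String securityRealm;

    /**
     * Captures the security realm name of the given web application context.
     *
     * @param webAppServletContext context whose realm name is used by
     *     {@link #getRequestSubject(HttpServletRequest)}
     */
    public SecurityHelper(WebAppServletContext webAppServletContext) {
        this.securityRealm = webAppServletContext.getSecurityRealmName();
    }

    /**
     * Returns the realm name captured at construction time.
     *
     * @return the security realm name
     */
    public String getSecurityRealm() {
        return this.securityRealm;
    }

    /**
     * Reports whether the subject is the anonymous user, as decided by
     * {@code SubjectUtils.isUserAnonymous}.
     *
     * @param authenticatedSubject subject to test
     * @return {@code true} if the subject is anonymous
     */
    public static boolean isAnonymous(AuthenticatedSubject authenticatedSubject) {
        return SubjectUtils.isUserAnonymous(authenticatedSubject);
    }

    /**
     * Resolves the request's subject against this helper's realm.
     *
     * @param httpServletRequest incoming request
     * @return the asserted subject, or {@code null} when the request carries no usable credentials
     * @throws LoginException declared by the static overload this method delegates to
     * @see #getRequestSubject(HttpServletRequest, String)
     */
    public final AuthenticatedSubject getRequestSubject(HttpServletRequest httpServletRequest) throws LoginException {
        return getRequestSubject(httpServletRequest, this.securityRealm);
    }

    /**
     * Resolves the request's subject from header credentials or, failing that, from the TLS
     * client certificate chain.
     *
     * <p>Order of evaluation, which callers relying on certificate authentication should be
     * aware of:
     * <ol>
     *   <li>If the authentication header is present and {@code HttpParsing.getAuthInfo} cannot
     *       parse it (returns {@code null}), this method returns {@code null} immediately; the
     *       client certificate is <em>not</em> consulted.</li>
     *   <li>If both parsed elements are non-null, they are passed to
     *       {@code ServerSecurityHelper.assertIdentity} and the certificate is ignored, so
     *       header credentials take precedence over a client certificate.</li>
     *   <li>Otherwise (no header, or a parsed element is null) the certificate chain is used,
     *       but only when {@code isSecure()} is true and the chain is non-empty.</li>
     * </ol>
     *
     * <p>A {@code null} return means no identity was established; callers must treat it as
     * unauthenticated. NOTE(review): {@code isSecure()} and the certificate attribute are
     * whatever the container reports - if TLS is terminated in front of the server, confirm
     * how they are populated.
     *
     * @param httpServletRequest incoming request
     * @param str security realm name handed to {@code ServerSecurityHelper.assertIdentity}
     * @return the asserted subject, or {@code null} when no credentials could be used
     * @throws LoginException presumably raised by {@code assertIdentity} when the credentials
     *     are rejected - confirm against ServerSecurityHelper
     */
    public static AuthenticatedSubject getRequestSubject(HttpServletRequest httpServletRequest, String str) throws LoginException {
        String header = httpServletRequest.getHeader(AUTHENTICATION_HEADER);
        if (header != null) {
            String[] authInfo = HttpParsing.getAuthInfo(header);
            if (authInfo == null) {
                // Unparseable header: stop here rather than falling back to the certificate.
                return null;
            }
            // NOTE(review): assumes getAuthInfo always returns at least two elements - confirm.
            if (authInfo[0] != null && authInfo[1] != null) {
                return ServerSecurityHelper.assertIdentity(authInfo[0], authInfo[1], str);
            }
        }
        // Certificate identity is only considered on a channel the container reports as secure.
        if (!httpServletRequest.isSecure()) {
            return null;
        }
        X509Certificate[] clientCerts = getClientCerts(httpServletRequest);
        if (clientCerts == null || clientCerts.length == 0) {
            return null;
        }
        return ServerSecurityHelper.assertIdentity(clientCerts, str);
    }

    /**
     * Reports whether the policy contains a transport security policy.
     *
     * @param normalizedExpression policy to inspect
     * @return result of {@code SecurityPolicyAssertionInfoFactory.hasTransportSecurityPolicy}
     */
    public static boolean isHttpsRequiredByWssp(NormalizedExpression normalizedExpression) {
        return SecurityPolicyAssertionInfoFactory.hasTransportSecurityPolicy(normalizedExpression);
    }

    /**
     * Reports whether the policy contains a message security policy.
     *
     * @param normalizedExpression policy to inspect
     * @return result of {@code SecurityPolicyAssertionInfoFactory.hasMessageSecurityPolicy}
     */
    public static boolean hasWsspMessageSecurityPolicy(NormalizedExpression normalizedExpression) {
        return SecurityPolicyAssertionInfoFactory.hasMessageSecurityPolicy(normalizedExpression);
    }

    /**
     * Reports whether the policy contains a WS-Trust policy.
     *
     * @param normalizedExpression policy to inspect
     * @return result of {@code SecurityPolicyAssertionInfoFactory.hasWsTrustPolicy}
     */
    public static boolean hasWsTrustPolicy(NormalizedExpression normalizedExpression) {
        return SecurityPolicyAssertionInfoFactory.hasWsTrustPolicy(normalizedExpression);
    }

    /**
     * Returns the HTTPS token assertion of the first policy alternative that has a transport
     * binding.
     *
     * <p>Only the first alternative with a transport binding is examined; later alternatives
     * are not visited even if that binding's HTTPS token assertion is {@code null}.
     *
     * @param normalizedExpression policy to inspect
     * @return the assertion, or {@code null} when there are no alternatives, none has a
     *     transport binding, or the first binding has no HTTPS token assertion
     */
    public static HttpsTokenAssertion getHttpsTokenAssertion(NormalizedExpression normalizedExpression) {
        if (normalizedExpression.getPolicyAlternatives() == null) {
            return null;
        }
        Iterator<?> alternatives = normalizedExpression.getPolicyAlternatives().iterator();
        while (alternatives.hasNext()) {
            SecurityPolicyAssertionInfo info =
                    SecurityPolicyAssertionInfoFactory.getSecurityPolicyAssertionInfo((PolicyAlternative) alternatives.next());
            if (info == null) {
                continue;
            }
            TransportBindingInfo transportBindingInfo = info.getTransportBindingInfo();
            if (transportBindingInfo != null) {
                return transportBindingInfo.getHttpsTokenAssertion();
            }
        }
        return null;
    }

    /**
     * Reports whether the policy's HTTPS token assertion requires a client certificate.
     *
     * @param normalizedExpression policy to inspect
     * @return {@code false} when no HTTPS token assertion is found
     */
    public static boolean isClientCertRequiredByWssp(NormalizedExpression normalizedExpression) {
        HttpsTokenAssertion httpsTokenAssertion = getHttpsTokenAssertion(normalizedExpression);
        return httpsTokenAssertion != null && httpsTokenAssertion.isClientCertificateRequired();
    }

    /**
     * Reports whether the request carries a non-empty client certificate chain attribute.
     *
     * <p>This checks the attribute only; unlike
     * {@link #getRequestSubject(HttpServletRequest, String)} it does not test
     * {@code isSecure()}, and it performs no validation of the certificates itself.
     *
     * @param httpServletRequest incoming request
     * @return {@code true} if the attribute holds at least one certificate
     */
    public static boolean isClientCertPresent(HttpServletRequest httpServletRequest) {
        X509Certificate[] clientCerts = getClientCerts(httpServletRequest);
        return clientCerts != null && clientCerts.length > 0;
    }

    /**
     * Reports whether the policy's HTTPS token assertion requires HTTP basic authentication.
     *
     * @param normalizedExpression policy to inspect
     * @return {@code false} when no HTTPS token assertion is found
     */
    public static boolean isBasicAuthReqByWssp(NormalizedExpression normalizedExpression) {
        HttpsTokenAssertion httpsTokenAssertion = getHttpsTokenAssertion(normalizedExpression);
        return httpsTokenAssertion != null && httpsTokenAssertion.isHttpBasicAuthenticationRequired();
    }

    /**
     * Reads the client certificate chain from the request attribute.
     *
     * @param httpServletRequest incoming request
     * @return the chain, or {@code null} when the attribute is absent or holds a value of
     *     another type
     */
    private static X509Certificate[] getClientCerts(HttpServletRequest httpServletRequest) {
        // Type-check instead of catching ClassCastException; a null attribute yields null.
        Object attribute = httpServletRequest.getAttribute(CLIENT_CERT_ATTRIBUTE);
        return attribute instanceof X509Certificate[] ? (X509Certificate[]) attribute : null;
    }

    /**
     * Reports whether the local server's SSL configuration has two-way SSL enabled or client
     * certificates enforced.
     *
     * <p>NOTE(review): the MBean returned by {@code MBeanUtil.getLocalSSLMBean()} is used
     * without a null check; confirm it cannot be null where this is called.
     *
     * @return {@code true} if either flag is set on the local SSL MBean
     */
    public static boolean isTwoWaySSLEnabled() {
        SSLMBean localSSLMBean = MBeanUtil.getLocalSSLMBean();
        return localSSLMBean.isTwoWaySSLEnabled() || localSSLMBean.isClientCertificateEnforced();
    }
}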
