package weblogic.wsee.reliability2.io;

import com.oracle.webservices.impl.internalapi.session.manager.Session;
import com.oracle.webservices.impl.internalapi.session.manager.SessionContainer;
import com.oracle.webservices.impl.internalapi.session.manager.SessionException;
import com.oracle.webservices.impl.internalapi.session.manager.SessionManager;
import com.oracle.webservices.impl.internalapi.session.manager.SessionManagerFactory;
import com.oracle.webservices.impl.internalapi.session.property.MessageProperties;
import com.oracle.webservices.impl.internalapi.session.property.Property;
import com.oracle.webservices.impl.internalapi.session.sc.SCPropertySet;
import com.oracle.webservices.impl.internalapi.session.sc.SCT;
import com.oracle.webservices.impl.internalapi.session.tube.PacketMessageProperties;
import com.oracle.webservices.impl.internalspi.platform.PlatformServiceFactory;
import com.oracle.webservices.impl.internalspi.session.manager.MessageAssociationContext;
import com.sun.xml.ws.api.message.AddressingUtils;
import com.sun.xml.ws.api.message.Packet;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLSession;
import javax.servlet.http.HttpServletRequest;
import javax.xml.bind.DatatypeConverter;
import weblogic.wsee.reliability2.WsrmConstants;
import weblogic.wsee.reliability2.WsrmSecurityContext;
import weblogic.wsee.reliability2.faults.SecurityMismatchFaultException;
import weblogic.wsee.reliability2.sequence.SSLInfo;
import weblogic.wsee.reliability2.sequence.SecurityInfo;
import weblogic.wsee.reliability2.sequence.Sequence;
import weblogic.wsee.reliability2.sequence.SourceSequence;

/* loaded from: input_file:weblogic/wsee/reliability2/io/SSLUtil.class */
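/**
 * Static helpers that bind a WS-ReliableMessaging sequence to the transport or message security it
 * was created under, and check inbound packets against that binding.
 *
 * <p>Two bindings are visible in this class: the SSL session / client certificate chain of the
 * servlet request, and a secure-conversation credential (SCT). Only an SSL mismatch raises a
 * {@link SecurityMismatchFaultException}; an SCT mismatch is only logged here.
 *
 * <p>The {@code dump*} helpers render SSL session ids and full certificates as text for FINE-level
 * logging, so logs captured at that level should be handled as sensitive data.
 */
public class SSLUtil {
    private static final Logger LOGGER = Logger.getLogger(SSLUtil.class.getName());

    /** System property that switches validation to the SessionManager-based code path. */
    private static final String USE_SESSION_MANAGER_PROPERTY = "com.oracle.webservices.reliability.useSessionManager";

    /** Packet property under which the inbound {@link HttpServletRequest} is looked up. */
    private static final String SERVLET_REQUEST_PROPERTY = "javax.xml.ws.servlet.request";

    /**
     * Validates the security of an inbound packet against the sequence it belongs to.
     *
     * <p>The system property is read on every call, so the code path can differ between calls if
     * the property is changed at runtime.
     *
     * @param sequence the sequence the packet is associated with
     * @param packet the inbound packet; {@code null} skips validation
     * @param sessionManagerFactory used only on the SessionManager code path
     * @throws SecurityMismatchFaultException if the sequence is SSL-bound and the packet matches
     *     neither the recorded SSL session id nor the recorded certificate chain
     */
    public static void validateSecurityOnInboundPacket(Sequence sequence, Packet packet, SessionManagerFactory sessionManagerFactory) {
        if (Boolean.getBoolean(USE_SESSION_MANAGER_PROPERTY)) {
            validateSecurityOnInboundPacketSecurityInfo(sequence, packet, sessionManagerFactory);
        } else {
            validateSecurityOnInboundPacketSecurityContext(sequence, packet);
        }
    }

    /**
     * SessionManager code path: validates the packet against {@code sequence.getSecurityInfo()}.
     *
     * <p>Returns silently when the packet or the security info is {@code null}, i.e. a sequence
     * without recorded security info is not checked at all.
     */
    private static void validateSecurityOnInboundPacketSecurityInfo(Sequence sequence, Packet packet, SessionManagerFactory sessionManagerFactory) {
        SecurityInfo securityInfo = sequence.getSecurityInfo();
        if (packet == null || securityInfo == null) {
            return;
        }
        if (securityInfo.isSSL() && PlatformServiceFactory.getPlatformService().isServer()) {
            String description = null;
            if (LOGGER.isLoggable(Level.FINE)) {
                description = "Packet (" + dumpSecuritySSLOnPacket(packet) + ") against sequence (" + dumpSecuritySSL(securityInfo.getSSLInfo().getValue().getSessionId(), securityInfo.getSSLInfo().getValue().getCertChain()) + ")";
                LOGGER.fine("Validating SSL Security On " + description);
            }
            // Either check is sufficient: same SSL session id, OR same client certificate chain.
            // NOTE(review): Arrays.equals(null, null) is true, so a packet without an SSL session
            // matches a sequence whose recorded session id is null; and a null recorded chain makes
            // the certificate comparison accept every packet. Confirm both are intended.
            if (Arrays.equals(getSSLSessionId(packet), securityInfo.getSSLInfo().getValue().getSessionId()) || compareSSLProperties(securityInfo, packet)) {
                return;
            }
            // NOTE(review): the mismatch is only logged when FINER is enabled (though written at
            // FINE), so at default log levels the fault below is the only trace of it.
            if (LOGGER.isLoggable(Level.FINER)) {
                LOGGER.fine("SSL Security Mismatch Detected!: " + description);
            }
            throw newSecurityMismatchFault(sequence);
        }
        if (securityInfo.isSCT()) {
            SessionManager sessionManager = sessionManagerFactory.getSessionManager();
            SessionContainer sessionContainer = InboundInvocationPropertyBag.getFromPacket(packet).getSessionContainer();
            MessageAssociationContext messageAssociationContext = new MessageAssociationContext(new PacketMessageProperties(packet));
            try {
                SCT sct = getSCTFromSession(sessionManager.getSessionFromEnvironment(sessionContainer, messageAssociationContext), messageAssociationContext);
                if (sct != null) {
                    String description = null;
                    if (LOGGER.isLoggable(Level.FINE)) {
                        description = "Packet (" + sct.dumpSCTInfo(packet) + ") against sequence (" + sct.dump() + ")";
                        LOGGER.fine("Validating SCT Security On " + description);
                    }
                    // Computed but never consulted on this path (the legacy path uses the same
                    // RelatesTo test to exempt such messages); kept so evaluation order is unchanged.
                    boolean hasRelatesTo = (packet.getMessage() == null || AddressingUtils.getRelatesTo(packet.getMessage().getHeaders(), sequence.getAddressingVersion(), sequence.getSoapVersion()) == null) ? false : true;
                    // NOTE(review): an SCT mismatch is only logged (and only when FINER is enabled);
                    // no fault is raised, so this method does not enforce the SCT binding. Confirm
                    // that enforcement happens elsewhere.
                    if (sct.matches(packet) || !LOGGER.isLoggable(Level.FINER)) {
                        return;
                    }
                    LOGGER.fine("SCT Security Mismatch Detected!: " + description);
                }
            } catch (SessionException e) {
                throw new RuntimeException(e.toString(), e);
            }
        }
    }

    /**
     * Legacy code path: validates the packet against {@code sequence.getSecurityContext()}.
     *
     * <p>Returns silently when the packet or the security context is {@code null}.
     */
    private static void validateSecurityOnInboundPacketSecurityContext(Sequence sequence, Packet packet) {
        WsrmSecurityContext securityContext = sequence.getSecurityContext();
        if (packet == null || securityContext == null) {
            return;
        }
        if (securityContext.isSecureWithSSL() && PlatformServiceFactory.getPlatformService().isServer()) {
            String description = null;
            if (LOGGER.isLoggable(Level.FINE)) {
                description = "Packet (" + dumpSecuritySSLOnPacket(packet) + ") against sequence (" + dumpSecuritySSL(securityContext.getSSLSessionId(), securityContext.getSSLCertChain()) + ")";
                LOGGER.fine("Validating SSL Security On " + description);
            }
            // Either check is sufficient: same SSL session id, OR same client certificate chain.
            // NOTE(review): a null recorded chain makes the certificate comparison accept every
            // packet, which makes the session id check moot for such sequences.
            if (Arrays.equals(getSSLSessionId(packet), securityContext.getSSLSessionId()) || compareSSLProperties(securityContext, packet)) {
                return;
            }
            if (LOGGER.isLoggable(Level.FINER)) {
                LOGGER.fine("SSL Security Mismatch Detected!: " + description);
            }
            throw newSecurityMismatchFault(sequence);
        }
        if (securityContext.isSecure()) {
            Object packetCredential = getWLSSCCredential(packet);
            String description = null;
            if (LOGGER.isLoggable(Level.FINE)) {
                description = "Packet (" + dumpSecuritySCTOnPacket(packet) + ") against sequence (" + dumpSecuritySCT(securityContext.getSCCredential()) + ")";
                LOGGER.fine("Validating SCT Security On " + description);
            }
            boolean hasRelatesTo = (packet.getMessage() == null || AddressingUtils.getRelatesTo(packet.getMessage().getHeaders(), sequence.getAddressingVersion(), sequence.getSoapVersion()) == null) ? false : true;
            // Messages carrying a RelatesTo header are exempt; otherwise the packet credential must
            // be present and equal to the one recorded on the sequence.
            boolean mismatch = !hasRelatesTo && (packetCredential == null || !packetCredential.equals(securityContext.getSCCredential()));
            // NOTE(review): the mismatch is only logged (and only when FINER is enabled); no fault
            // is raised, so this method does not enforce the SCT binding.
            if (mismatch && LOGGER.isLoggable(Level.FINER)) {
                LOGGER.fine("SCT Security Mismatch Detected!: " + description);
            }
        }
    }

    /** Builds the fault raised when an SSL-bound sequence receives a packet that does not match. */
    private static SecurityMismatchFaultException newSecurityMismatchFault(Sequence sequence) {
        return new SecurityMismatchFaultException(sequence.getId(), sequence instanceof SourceSequence ? WsrmConstants.FaultGeneratedBy.SOURCE : WsrmConstants.FaultGeneratedBy.DESTINATION, sequence.getRmVersion(), true);
    }

    /**
     * Reads the secure-conversation credential attached to a packet, preferring the proxy's
     * request context over the packet's invocation properties.
     *
     * @param packet the packet to inspect; must not be {@code null}
     * @return the credential, or {@code null} if neither location holds one
     * @throws IllegalStateException if the SessionManager code path is enabled
     */
    @Deprecated
    public static Object getWLSSCCredential(Packet packet) {
        if (Boolean.getBoolean(USE_SESSION_MANAGER_PROPERTY)) {
            throw new IllegalStateException("Cannot call getWLSSCCredential when -Dcom.oracle.webservices.reliability.useSessionManager is set to true");
        }
        Object credential = null;
        if (packet.proxy != null) {
            credential = packet.proxy.getRequestContext().get(WsrmSecurityContext.SECURITY_CONTEXT_CREDENTIAL);
        }
        if (credential == null) {
            credential = packet.invocationProperties.get(WsrmSecurityContext.SECURITY_CONTEXT_CREDENTIAL);
        }
        return credential;
    }

    /**
     * Renders the packet's secure-conversation credential for logging.
     *
     * @return {@code "<None>"} for a {@code null} packet or a missing credential
     */
    @Deprecated
    public static String dumpSecuritySCTOnPacket(Packet packet) {
        return packet == null ? "<None>" : dumpSecuritySCT(getWLSSCCredential(packet));
    }

    /**
     * Renders a secure-conversation credential for logging using its {@code toString()}.
     *
     * <p>NOTE(review): whether that text exposes secret material depends on the credential type,
     * which is not visible here.
     */
    public static String dumpSecuritySCT(Object obj) {
        return obj == null ? "<None>" : "SCCredential=" + obj;
    }

    /**
     * Captures the SSL session id and certificate chain of the packet's servlet request.
     *
     * @return the captured info, or {@code null} if the packet is {@code null} or carries no
     *     servlet request
     */
    public static SSLInfo getSSLInfo(Packet packet) {
        if (packet == null || !packet.supports(SERVLET_REQUEST_PROPERTY)) {
            return null;
        }
        return new SSLInfo(getSSLSessionId(packet), getSSLCertChain(packet));
    }

    /**
     * Returns the id of the SSL session stored on the packet's servlet request.
     *
     * @return the session id, or {@code null} if the packet is {@code null}, carries no servlet
     *     request, or the request has no {@code weblogic.servlet.request.sslsession} attribute
     */
    public static byte[] getSSLSessionId(Packet packet) {
        if (packet == null || !packet.supports(SERVLET_REQUEST_PROPERTY)) {
            return null;
        }
        HttpServletRequest request = (HttpServletRequest) packet.get(SERVLET_REQUEST_PROPERTY);
        SSLSession sslSession = (SSLSession) request.getAttribute("weblogic.servlet.request.sslsession");
        if (sslSession == null) {
            return null;
        }
        return sslSession.getId();
    }

    /**
     * Compares the sequence's recorded certificate chain with the packet's chain.
     *
     * @return {@code true} when the sequence is not SSL-bound or the chains are considered equal
     */
    private static boolean compareSSLProperties(SecurityInfo securityInfo, Packet packet) {
        if (securityInfo.isSSL()) {
            return compareSSLProperties(securityInfo.getSSLInfo().getValue().getCertChain(), getSSLCertChain(packet));
        }
        return true;
    }

    /** Legacy overload: compares the security context's recorded chain with the packet's chain. */
    @Deprecated
    private static boolean compareSSLProperties(WsrmSecurityContext wsrmSecurityContext, Packet packet) {
        return compareSSLProperties(wsrmSecurityContext.getSSLCertChain(), getSSLCertChain(packet));
    }

    /**
     * Compares a recorded certificate chain with the chain presented on a packet, position by
     * position.
     *
     * @param expected the chain recorded for the sequence
     * @param actual the chain taken from the packet
     * @return {@code true} if {@code expected} is {@code null} (nothing was recorded, so nothing is
     *     enforced) or both chains have the same length and pairwise-equal certificates
     */
    private static boolean compareSSLProperties(X509Certificate[] expected, X509Certificate[] actual) {
        if (expected == null) {
            // No chain was recorded for the sequence: any packet is accepted by this check.
            return true;
        }
        if (actual == null || expected.length != actual.length) {
            return false;
        }
        for (int i = 0; i < expected.length; i++) {
            if (!compareCerts(expected[i], actual[i])) {
                return false;
            }
        }
        return true;
    }

    /**
     * Tells whether two certificates have the same issuer name and serial number.
     *
     * <p>Two {@code null} entries are equal; a {@code null} entry never equals a certificate
     * (previously that case raised a {@code NullPointerException} instead of reporting a mismatch).
     *
     * <p>NOTE(review): neither the encoded certificate nor the public key is compared, so the
     * result is only as strong as the chain validation already performed by the TLS layer.
     */
    private static boolean compareCerts(X509Certificate first, X509Certificate second) {
        if (first == null || second == null) {
            return first == second;
        }
        return getCertKey(first).equals(getCertKey(second));
    }

    /**
     * Builds the comparison key of a certificate from its issuer name and serial number.
     *
     * <p>The separator keeps the two parts apart: without it an issuer name ending in digits and a
     * shorter serial number could yield the same key as a different issuer/serial pair.
     */
    private static String getCertKey(X509Certificate x509Certificate) {
        return x509Certificate.getIssuerX500Principal().getName() + "|" + x509Certificate.getSerialNumber();
    }

    /**
     * Returns the client certificate chain stored on the packet's servlet request.
     *
     * @return the {@code javax.servlet.request.X509Certificate} request attribute, or {@code null}
     *     if the packet is {@code null}, carries no servlet request, or the attribute is absent
     */
    public static X509Certificate[] getSSLCertChain(Packet packet) {
        if (packet == null || !packet.supports(SERVLET_REQUEST_PROPERTY)) {
            return null;
        }
        HttpServletRequest request = (HttpServletRequest) packet.get(SERVLET_REQUEST_PROPERTY);
        return (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
    }

    /**
     * Tells whether the packet's servlet request reports itself as secure.
     *
     * @return {@code false} if the packet is {@code null} or carries no servlet request
     */
    public static boolean isSSLRequest(Packet packet) {
        if (packet == null || !packet.supports(SERVLET_REQUEST_PROPERTY)) {
            return false;
        }
        return ((HttpServletRequest) packet.get(SERVLET_REQUEST_PROPERTY)).isSecure();
    }

    /**
     * Renders the packet's SSL session id and certificate chain for logging.
     *
     * @return the rendered text, or {@code null} (not {@code "<None>"}) if the packet is
     *     {@code null} or carries no servlet request
     */
    public static String dumpSecuritySSLOnPacket(Packet packet) {
        if (packet == null || !packet.supports(SERVLET_REQUEST_PROPERTY)) {
            return null;
        }
        return dumpSecuritySSL(getSSLSessionId(packet), getSSLCertChain(packet));
    }

    /**
     * Renders an SSL session id (Base64) and a certificate chain for logging.
     *
     * <p>The output contains the session id and the full {@code toString()} of every certificate,
     * so it belongs only in logs that are access-controlled.
     *
     * @param bArr the SSL session id, may be {@code null}
     * @param x509CertificateArr the certificate chain, may be {@code null} or empty
     * @return text of the form {@code SSLSessionID=<id> X509Certificates=[c1,c2]}
     */
    public static String dumpSecuritySSL(byte[] bArr, X509Certificate[] x509CertificateArr) {
        StringBuilder sb = new StringBuilder();
        sb.append("SSLSessionID=").append(bArr != null ? DatatypeConverter.printBase64Binary(bArr) : null);
        sb.append(" ");
        sb.append("X509Certificates=");
        if (x509CertificateArr == null) {
            sb.append("null");
        } else {
            sb.append("[");
            // Separator goes before every element but the first, so an empty chain renders as "[]"
            // instead of losing its opening bracket.
            for (int i = 0; i < x509CertificateArr.length; i++) {
                if (i > 0) {
                    sb.append(",");
                }
                sb.append(x509CertificateArr[i]);
            }
            sb.append("]");
        }
        return sb.toString();
    }

    /**
     * Renders an SSL session id as Base64.
     *
     * @return the Base64 text, or {@code null} for a {@code null} id
     */
    public static String dumpSSLSessionId(byte[] bArr) {
        if (bArr != null) {
            return DatatypeConverter.printBase64Binary(bArr);
        }
        return null;
    }

    /**
     * Extracts the SCT stored in a session's {@link SCPropertySet}, if one is available.
     *
     * @param session the session to read; {@code null} yields {@code null}
     * @param messageAssociationContext supplies the message properties used for the lookup; may be
     *     {@code null}
     * @return the SCT, or {@code null} if the session is {@code null}, has no
     *     {@link SCPropertySet}, or the SCT property value is missing or not in state
     *     {@code AVAILABLE}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static SCT getSCTFromSession(Session session, MessageAssociationContext messageAssociationContext) {
        if (session == null) {
            if (LOGGER.isLoggable(Level.WARNING)) {
                LOGGER.warning("Session found null, returning null SCT.");
            }
            return null;
        }
        SCT sct = null;
        if (session.contains(SCPropertySet.class)) {
            Property.Value value = session.get(SCPropertySet.class).getSCTProperty().getValue(messageAssociationContext != null ? messageAssociationContext.getMessageProperties() : (MessageProperties) null);
            if (value != null && value.getState() == Property.State.AVAILABLE) {
                sct = (SCT) value.getValue();
            }
        }
        if (sct == null && LOGGER.isLoggable(Level.WARNING)) {
            LOGGER.warning("Could not get SCT from Session. Returning null SCT.");
        }
        return sct;
    }
}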
