package weblogic.wsee.security.saml;

import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import org.w3c.dom.Node;
import weblogic.kernel.Kernel;
import weblogic.security.service.ContextHandler;
import weblogic.wsee.jaxrpc.WLStub;
import weblogic.xml.crypto.wss.SecurityTokenContextHandler;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.provider.CredentialProvider;
import weblogic.xml.crypto.wss.provider.Purpose;

/* loaded from: input_file:weblogic/wsee/security/saml/AbstractSAMLCredentialProvider.class */
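/**
 * Base {@link CredentialProvider} that assembles a SAML credential by copying the
 * SAML-related elements of the caller's context into a fresh
 * {@link SecurityTokenContextHandler} and delegating to {@code CSSUtils}.
 *
 * <p>Subclasses supply the supported value types and may override
 * {@link #getSAMLAttributeData(Subject)} and the {@code getKeyInfoCredential} hooks.
 */
public abstract class AbstractSAMLCredentialProvider implements CredentialProvider {
    private static final Logger LOGGER = Logger.getLogger(AbstractSAMLCredentialProvider.class.getName());

    /** Context element that asks for a cached SAML assertion. */
    private static final String CACHING_REQUESTED = "com.bea.contextelement.saml.CachingRequested";

    /** Context element under which the subject's DOM KeyInfo is looked up. */
    private static final String SUBJECT_DOM_KEY_INFO = "com.bea.contextelement.saml.subject.dom.KeyInfo";

    @Override // weblogic.xml.crypto.wss.provider.CredentialProvider
    public abstract String[] getValueTypes();

    /**
     * Builds a SAML credential for the given token type.
     *
     * @param str token type; compared with {@code SAML2Constants.SAML20_TOKEN_TYPE} to pick the SAML version
     * @param str2 passed through unchanged to the {@code getKeyInfoCredential} hooks
     * @param contextHandler caller context; must be a {@link SecurityTokenContextHandler}
     * @param purpose only {@code Purpose.IDENTITY} and {@code Purpose.SIGN} are served
     * @return the credential from {@code CSSUtils.getSAMLCredential}, or {@code null} when the
     *     purpose or handler type is not supported, when the symmetric-key hook yields nothing,
     *     or when credential acquisition fails and the failure is not escalated (see below)
     * @throws RuntimeException wrapping the {@link WSSecurityException} when running on a server
     *     and the {@code DISABLE_REMOTE_WS_TRUST_CALL_FOR_SAML_TOKEN} context value is true
     * @throws NullPointerException if {@code purpose} is null, or {@code str} is null once the
     *     purpose/handler check has passed
     */
    @Override // weblogic.xml.crypto.wss.provider.CredentialProvider
    public Object getCredential(String str, String str2, ContextHandler contextHandler, Purpose purpose) {
        boolean supportedPurpose = purpose.equals(Purpose.IDENTITY) || purpose.equals(Purpose.SIGN);
        if (!supportedPurpose || !(contextHandler instanceof SecurityTokenContextHandler)) {
            return null;
        }
        // Safe: the instanceof guard above has already rejected every other handler type.
        SecurityTokenContextHandler callerContext = (SecurityTokenContextHandler) contextHandler;
        boolean isSaml20 = str.equals(SAML2Constants.SAML20_TOKEN_TYPE);

        // Work on a fresh handler so only the elements copied below reach CSSUtils.
        SecurityTokenContextHandler samlContext = new SecurityTokenContextHandler();
        Object cachingRequested = contextHandler.getValue(CACHING_REQUESTED);
        if (cachingRequested != null) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Requesting cached SAML assertion");
            }
            samlContext.addContextElement(CACHING_REQUESTED, cachingRequested);
        }

        Node claims = (Node) contextHandler.getValue(SecurityTokenContextHandler.CLAIMS_MAP);
        CSSUtils.processSAMLClaims(isSaml20, samlContext, claims);
        CSSUtils.setupSAMLContextElements(isSaml20, samlContext, contextHandler);

        // Mere presence of the element switches attribute-only mode on; its value is not inspected.
        boolean attributeOnly = contextHandler.getValue(WLStub.SAML_ATTRIBUTE_ONLY) != null;
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Setting SAML Attributes for attributeOnly = " + attributeOnly);
        }
        CSSUtils.setupSAMLAttributesContextElements(
                isSaml20,
                samlContext,
                attributeOnly,
                getSAMLAttributeData(CSSUtils.getCurrentAuthenticatedSubject()));

        Object keyInfoCredential = null;
        if (CSSUtils.isHolderOfKey(isSaml20, samlContext)) {
            if (SAMLIssuedTokenHelper.isSymmetricKeyTypeFromIssuedTokenClaim(claims)) {
                keyInfoCredential = getKeyInfoCredential(str, str2, callerContext, purpose, claims);
                if (keyInfoCredential == null) {
                    // No symmetric key available: do not fall through to an assertion without a key.
                    return null;
                }
            } else {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Getting X509 KeyInfo credential");
                }
                keyInfoCredential = getKeyInfoCredential(str, str2, callerContext, purpose);
            }
        }

        try {
            return CSSUtils.getSAMLCredential(isSaml20, str, samlContext, keyInfoCredential);
        } catch (WSSecurityException e) {
            // The failure is visible only at FINE; at default log levels callers just see null.
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Exception while acquiring SAML credential", e);
            }
            // NOTE(review): the flag is unboxed without a null check. If the element is absent
            // (or not a Boolean) on a server, this line throws NullPointerException or
            // ClassCastException and the original WSSecurityException is lost. Confirm every
            // caller populates it before relying on this path.
            if (Kernel.isServer() && ((Boolean) contextHandler.getValue(SAML2Constants.DISABLE_REMOTE_WS_TRUST_CALL_FOR_SAML_TOKEN)).booleanValue()) {
                throw new RuntimeException(e);
            }
            return null;
        }
    }

    /**
     * Returns the key credential used for holder-of-key assertions when the issued-token
     * claim does not ask for a symmetric key.
     *
     * @param str unused by this implementation
     * @param str2 unused by this implementation
     * @param securityTokenContextHandler context handed to {@code CSSUtils.getX509CredFromPKICredMapper}
     * @param purpose unused by this implementation
     * @return whatever {@code CSSUtils.getX509CredFromPKICredMapper} returns
     */
    public Object getKeyInfoCredential(String str, String str2, SecurityTokenContextHandler securityTokenContextHandler, Purpose purpose) {
        return CSSUtils.getX509CredFromPKICredMapper(securityTokenContextHandler);
    }

    /**
     * Hook for symmetric-key holder-of-key credentials. This base implementation does not
     * support them and always returns {@code null}; it only records at FINE whether a KeyInfo
     * element was present in the context.
     *
     * @param str unused by this implementation
     * @param str2 unused by this implementation
     * @param securityTokenContextHandler context queried for the subject's DOM KeyInfo element
     * @param purpose unused by this implementation
     * @param node unused by this implementation
     * @return always {@code null}
     */
    public Object getKeyInfoCredential(String str, String str2, SecurityTokenContextHandler securityTokenContextHandler, Purpose purpose, Node node) {
        Object keyInfo = securityTokenContextHandler.getValue(SUBJECT_DOM_KEY_INFO);
        if (LOGGER.isLoggable(Level.FINE)) {
            if (keyInfo != null) {
                // The KeyInfo element may carry key material, so only its presence is logged,
                // never its string form.
                LOGGER.log(Level.FINE, "Symmetric KeyInfo credential found in context (value withheld from log)");
            }
            LOGGER.log(Level.FINE, "Symmetric KeyInfo credential is NOT Supported!");
        }
        return null;
    }

    /**
     * Supplies the SAML attribute statement data for the given subject. This base
     * implementation provides none; subclasses override it to contribute attributes.
     *
     * @param subject the subject passed by {@code getCredential}; ignored here
     * @return always {@code null}
     */
    public SAMLAttributeStatementData getSAMLAttributeData(Subject subject) {
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "No override on getSAMLAttributeData() for SAML Attributes");
        }
        return null;
    }
}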
