package weblogic.xml.crypto.wss;

import java.io.Serializable;
import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import weblogic.security.service.ContextHandler;
import weblogic.utils.collections.ConcurrentHashMap;
import weblogic.xml.crypto.utils.CertUtils;
import weblogic.xml.crypto.utils.DOMUtils;
import weblogic.xml.crypto.wss.api.BinarySecurityToken;
import weblogic.xml.crypto.wss.api.BinarySecurityTokenType;
import weblogic.xml.crypto.wss.api.Encoding;
import weblogic.xml.crypto.wss.provider.CredentialProvider;
import weblogic.xml.crypto.wss.provider.Purpose;
import weblogic.xml.crypto.wss.provider.SecurityTokenPolicyInfo;
import weblogic.xml.dom.marshal.MarshalException;

/* loaded from: input_file:weblogic/xml/crypto/wss/BinarySecurityTokenImpl.class */
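/**
 * WS-Security {@code BinarySecurityToken} backed by a credential object whose interpretation is
 * delegated to a {@link BinarySecurityTokenType} looked up by value-type URI.
 *
 * <p>The token can be built locally from a credential (constructor) or populated from a DOM
 * element taken from a message ({@link #unmarshal(Node)}). In the second case every attribute and
 * the text content are peer-supplied, so they are checked before use and the {@code validated}
 * flag is reset.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The type and encoding registries are static, shared and writable through the public
 *       {@code register} methods; a later registration under the same key replaces the earlier
 *       handler.</li>
 *   <li>The class is {@link Serializable} and {@code credentials} is not {@code transient}. The
 *       credential is what {@link #getPrivateKey()} is derived from, so a serialized token may
 *       carry key material - confirm where instances are serialized.</li>
 *   <li>Instances are not synchronized; the lazily computed fields are plain fields.</li>
 * </ul>
 */
public class BinarySecurityTokenImpl extends SecurityTokenImpl implements BinarySecurityToken, SecurityTokenPolicyInfo, Serializable {
    private static final long serialVersionUID = -2889267257952778022L;
    private static final String defaultEncoding = WSSConstants.ENCODING_TYPE_BASE64;
    private static final String ID_PREFIX = "bst";
    // Value-type URI -> BinarySecurityTokenType handler.
    private static final ConcurrentHashMap types = new ConcurrentHashMap();
    // Encoding URI -> Encoding implementation.
    private static final ConcurrentHashMap encodings = new ConcurrentHashMap();
    private String id;
    // Lazily derived from decodedValue when the token was unmarshalled; see getCredential().
    private Object credentials;
    private byte[] decodedValue;
    private String encodedValue;
    private String valueType;
    private String encodingType;
    // May be null after unmarshal() when the ValueType attribute names an unregistered type.
    private BinarySecurityTokenType type;
    private boolean validated;

    /**
     * Creates an empty token defaulting to the X.509v3 value type and the default encoding.
     * Intended to be populated afterwards, e.g. through {@link #unmarshal(Node)}.
     */
    public BinarySecurityTokenImpl() {
        this.encodingType = defaultEncoding;
        this.validated = false;
        this.type = (BinarySecurityTokenType) types.get(WSSConstants.VALUE_TYPE_X509V3);
        if (this.type == null || this.type.getValueType() == null) {
            this.valueType = WSSConstants.VALUE_TYPE_X509V3;
        } else {
            this.valueType = this.type.getValueType();
        }
    }

    /**
     * Creates a token around an existing credential.
     *
     * @param str value-type URI; an unregistered URI falls back to the X.509v3 type
     * @param obj credential object, must not be {@code null}
     * @param contextHandler not used by this constructor
     * @throws IllegalArgumentException if {@code obj} is {@code null}
     */
    public BinarySecurityTokenImpl(String str, Object obj, ContextHandler contextHandler) {
        this.encodingType = defaultEncoding;
        this.validated = false;
        if (obj == null) {
            throw new IllegalArgumentException("Credential must not be null.");
        }
        this.valueType = str;
        this.type = (BinarySecurityTokenType) types.get(str);
        if (this.type == null) {
            // Unknown value type: fall back to X.509v3 and report that type's URI instead.
            this.type = (BinarySecurityTokenType) types.get(WSSConstants.VALUE_TYPE_X509V3);
            this.valueType = this.type.getValueType();
        }
        this.credentials = obj;
        this.id = DOMUtils.generateId(ID_PREFIX);
    }

    /** Registers the token types that are available by default. */
    private static final void initTypes() {
        register(new X509V3BSTType());
        register(new X509V1BSTType());
        register(X509CertPath.getPKCS7());
        register(X509CertPath.getPKIPath());
    }

    /** Registers the default (Base64) encoding. */
    public static void initEncodings() {
        encodings.put(WSSConstants.ENCODING_TYPE_BASE64, new Base64Encoding());
    }

    /**
     * Registers an encoding under its URI, replacing any encoding already registered for it.
     *
     * @param encoding encoding implementation to register
     */
    public static void register(Encoding encoding) {
        encodings.put(encoding.getURI(), encoding);
    }

    /**
     * Registers a token type under its value-type URI, replacing any type already registered
     * for it.
     *
     * @param binarySecurityTokenType type handler to register
     */
    public static void register(BinarySecurityTokenType binarySecurityTokenType) {
        types.put(binarySecurityTokenType.getValueType(), binarySecurityTokenType);
    }

    /**
     * Looks up a registered token type.
     *
     * @param str value-type URI
     * @return the registered handler, or {@code null} if none is registered
     */
    public static BinarySecurityTokenType getBSTType(String str) {
        return (BinarySecurityTokenType) types.get(str);
    }

    @Override // weblogic.xml.crypto.wss.SecurityTokenImpl, weblogic.xml.crypto.wss.provider.SecurityToken
    public String getValueType() {
        return this.valueType;
    }

    @Override // weblogic.xml.crypto.wss.SecurityTokenImpl, weblogic.xml.crypto.wss.provider.SecurityToken
    public String getId() {
        return this.id;
    }

    @Override // weblogic.xml.crypto.wss.SecurityTokenImpl, weblogic.xml.crypto.wss.provider.SecurityToken
    public void setId(String str) {
        this.id = str;
    }

    // The key and certificate accessors below dereference this.type, which is null for a token
    // unmarshalled with an unregistered ValueType; they then fail with a NullPointerException.

    @Override // weblogic.xml.crypto.wss.SecurityTokenImpl, weblogic.xml.crypto.wss.provider.SecurityToken
    public PrivateKey getPrivateKey() {
        return this.type.getPrivateKey(getCredential());
    }

    @Override // weblogic.xml.crypto.wss.SecurityTokenImpl, weblogic.xml.crypto.wss.provider.SecurityToken
    public PublicKey getPublicKey() {
        return this.type.getPublicKey(getCredential());
    }

    @Override // weblogic.xml.crypto.wss.SecurityTokenImpl, weblogic.xml.crypto.wss.provider.SecurityToken
    public Key getSecretKey() {
        return this.type.getSecretKey(getCredential());
    }

    @Override // weblogic.xml.crypto.wss.api.BinarySecurityToken
    public X509Certificate getCertificate() {
        return this.type.getCertificate(getCredential());
    }

    /**
     * Returns the credential, deriving it from the decoded token bytes on first use when the
     * token was not constructed with one.
     */
    @Override // weblogic.xml.crypto.wss.SecurityTokenImpl, weblogic.xml.crypto.wss.provider.SecurityToken
    public Object getCredential() {
        if (this.credentials == null) {
            this.credentials = this.type.getCredentials(this.decodedValue);
        }
        return this.credentials;
    }

    /** Returns the encoded token text, encoding the binary value on first use. */
    @Override // weblogic.xml.crypto.wss.api.BinarySecurityToken
    public String getEncodedValue() throws WSSecurityException {
        if (this.encodedValue == null) {
            this.encodedValue = ((Encoding) encodings.get(getEncodingType())).encode(getDecodedValue());
        }
        return this.encodedValue;
    }

    /** Returns the binary token value, deriving it from the credential on first use. */
    @Override // weblogic.xml.crypto.wss.api.BinarySecurityToken
    public byte[] getDecodedValue() throws WSSecurityException {
        if (this.decodedValue == null) {
            this.decodedValue = ((BinarySecurityTokenType) types.get(this.valueType)).getUnencodedValue(this.credentials);
        }
        return this.decodedValue;
    }

    @Override // weblogic.xml.crypto.wss.api.BinarySecurityToken
    public String getEncodingType() {
        return this.encodingType;
    }

    @Override // weblogic.xml.dom.marshal.WLDOMStructure
    public void marshal(Element element, Node node, Map map) throws MarshalException {
        BSTUtils.marshalToken(this, element, map, node, true);
    }

    /**
     * Populates this token from a {@code BinarySecurityToken} element.
     *
     * <p>All values read here come from the message. The value type is mandatory; the encoding
     * type is optional and keeps its current value when absent. The token is left unvalidated and
     * any credential held before the call is dropped so that it is re-derived from the new value.
     *
     * @param node the {@code BinarySecurityToken} element
     * @throws MarshalException if {@code node} is not an element, the value-type attribute is
     *     missing, or the declared encoding type is not registered
     */
    @Override // weblogic.xml.dom.marshal.WLDOMStructure
    public void unmarshal(Node node) throws MarshalException {
        if (!(node instanceof Element)) {
            throw new MarshalException(WSSConstants.BST_QNAME + " must be unmarshalled from an element node");
        }
        Element element = (Element) node;
        setId(DOMUtils.getAttributeValue(element, WSSConstants.WSU_ID_QNAME));
        this.valueType = DOMUtils.getAttributeValue(element, WSSConstants.VALUE_TYPE_QNAME);
        if (this.valueType == null) {
            throw new MarshalException("Attribute " + WSSConstants.VALUE_TYPE_QNAME + " required in " + WSSConstants.BST_QNAME);
        }
        // NOTE(review): an unregistered ValueType leaves this.type null; the token still
        // unmarshals but its key/certificate accessors will fail. Kept lenient because callers
        // may rely on reading such tokens - confirm whether rejecting here is acceptable.
        this.type = (BinarySecurityTokenType) types.get(this.valueType);
        String declaredEncoding = DOMUtils.getAttributeValue(element, WSSConstants.ENCODING_TYPE_QNAME);
        if (declaredEncoding != null) {
            this.encodingType = declaredEncoding;
        }
        Encoding encoding = (Encoding) encodings.get(this.encodingType);
        if (encoding == null) {
            // Reject an unknown EncodingType explicitly instead of dereferencing a null lookup.
            // The peer-supplied URI is deliberately not echoed into the message.
            throw new MarshalException("Unsupported " + WSSConstants.ENCODING_TYPE_QNAME + " in " + WSSConstants.BST_QNAME);
        }
        this.encodedValue = DOMUtils.getText(element);
        this.decodedValue = encoding.decode(this.encodedValue);
        // A credential cached before this call belongs to a different token value.
        this.credentials = null;
        this.validated = false;
    }

    @Override // weblogic.xml.crypto.api.XMLStructure
    public boolean isFeatureSupported(String str) {
        return false;
    }

    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenPolicyInfo
    public boolean supports(Purpose purpose) {
        return true;
    }

    /**
     * Adds a security-token policy assertion for this token under {@code element}.
     *
     * <p>For {@link Purpose#IDENTITY} an assertion is produced only when the context handler
     * enables X.509 for identity. For {@link Purpose#SIGN} the trusted CA names are added as the
     * token issuer. For {@link Purpose#ENCRYPT} the credential is resolved from the configured
     * credential providers, stored on this instance and the token is embedded in a
     * {@code SecurityTokenReference}.
     *
     * @param element parent element that receives the assertion
     * @param purpose the purpose the token is used for
     * @param contextHandler source of configuration values and credential providers
     * @return the created token assertion element, or {@code null} when X.509 is not used for
     *     identity
     * @throws WSSecurityConfigurationException if the credential providers are missing, no
     *     credential can be resolved for encryption, or the token cannot be marshalled
     */
    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenPolicyInfo
    public Element getSecurityTokenAssertion(Element element, Purpose purpose, ContextHandler contextHandler) throws WSSecurityConfigurationException {
        if (Purpose.IDENTITY.equals(purpose)) {
            Boolean useX509ForIdentity = (Boolean) contextHandler.getValue(WssPolicyContextHandler.PROP_USE_X509_FOR_IDENTITY);
            if (useX509ForIdentity == null || !useX509ForIdentity.booleanValue()) {
                return null;
            }
        }
        String trustedCANames = getTrustedCANames();
        String prefix = DOMUtils.getPrefix(WSSConstants.POLICY_ASSERTIONS_URI, element);
        Element tokenAssertion = DOMUtils.createAndAddElement(element, WSSConstants.POLICY_TOKEN_QNAME, prefix);
        DOMUtils.addAttribute(tokenAssertion, WSSConstants.POLICY_TOKEN_TYPE_QNAME, getValueType());
        if (Purpose.SIGN.equals(purpose)) {
            DOMUtils.addAttribute(tokenAssertion, WSSConstants.POLICY_INCLUDE_IN_MESSAGE_QNAME, "true");
            if (trustedCANames != null) {
                DOMUtils.addText(DOMUtils.createAndAddElement(tokenAssertion, WSSConstants.POLICY_TOKEN_ISSUER, prefix), trustedCANames);
            }
        } else if (Purpose.ENCRYPT.equals(purpose)) {
            Element reference = DOMUtils.createAndAddElement(element, new QName(WSSConstants.POLICY_ASSERTIONS_URI, "SecurityTokenReference"), prefix);
            Element embedded = DOMUtils.createAndAddElement(reference, new QName(WSSConstants.POLICY_ASSERTIONS_URI, WSSConstants.EMBEDDED_ELEMENT), prefix);
            try {
                Map<String, String> namespaces = new HashMap<String, String>();
                namespaces.put("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "wsse");
                namespaces.put("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "wsu");
                List<?> providers = (List<?>) contextHandler.getValue("com.bea.contextelement.wsee.credentialProviders");
                if (providers == null) {
                    throw new WSSecurityConfigurationException("com.bea.contextelement.wsee.credentialProviders can not be found from the context handler");
                }
                // The first provider that yields a credential wins and replaces the one held.
                for (Iterator<?> it = providers.iterator(); it.hasNext();) {
                    Object credential = ((CredentialProvider) it.next()).getCredential(getValueType(), null, contextHandler, purpose);
                    if (credential != null) {
                        this.credentials = credential;
                        break;
                    }
                }
                if (this.credentials == null) {
                    throw new WSSecurityConfigurationException("Can not resolve credentials for encryption during customizing the abstract policy. \nPlease check the credential providers " + providers);
                }
                marshal(embedded, null, namespaces);
            } catch (MarshalException e) {
                // NOTE(review): only the message is propagated, so the original stack trace is
                // lost; chain the cause if WSSecurityConfigurationException offers a way to.
                throw new WSSecurityConfigurationException(e.getMessage());
            }
        }
        return tokenAssertion;
    }

    /**
     * Builds the issuer text from the subject names of the trusted CAs.
     *
     * <p>Each name is followed by a comma, including the last one. Distinguished names in this
     * form contain commas themselves, so the result cannot be split back reliably - presumably
     * consumers treat it as opaque text; verify before parsing it.
     *
     * @return the concatenated names, or {@code null} when no trusted CA is configured
     */
    private String getTrustedCANames() throws WSSecurityConfigurationException {
        X509Certificate[] trustedCAs = CertUtils.getTrustedCAs();
        if (trustedCAs.length == 0) {
            return null;
        }
        StringBuilder names = new StringBuilder();
        for (X509Certificate ca : trustedCAs) {
            names.append(ca.getSubjectX500Principal().getName()).append(',');
        }
        return names.toString();
    }

    /** Describes the token; the certificate is shown as {@code null} when no type is resolved. */
    @Override
    public String toString() {
        // Logging a token with an unregistered value type must not throw.
        Object cert = this.type == null ? null : getCertificate();
        return getValueType() + " [id: " + getId() + ", cert: [" + cert + "]]";
    }

    /**
     * Two binary security tokens are equal when they carry equal certificates. A token without a
     * certificate is equal only to itself, so certificate-less tokens are never confused with
     * each other.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof BinarySecurityToken)) {
            return false;
        }
        X509Certificate theirs = ((BinarySecurityToken) obj).getCertificate();
        X509Certificate mine = getCertificate();
        if (theirs == null || mine == null) {
            return false;
        }
        return theirs.equals(mine);
    }

    /** Hash of the certificate, or {@code 0} when the token has none. */
    @Override
    public int hashCode() {
        X509Certificate cert = getCertificate();
        return cert == null ? 0 : cert.hashCode();
    }

    /** Records the outcome of validation performed by the caller; nothing is checked here. */
    @Override // weblogic.xml.crypto.wss.api.BinarySecurityToken
    public void setValidated(boolean z) {
        this.validated = z;
    }

    @Override // weblogic.xml.crypto.wss.api.BinarySecurityToken
    public boolean isValidated() {
        return this.validated;
    }

    static {
        initEncodings();
        initTypes();
    }
}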
