package weblogic.security.service;

import com.bea.common.security.service.CertPathBuilderService;
import com.bea.common.security.service.CertPathValidatorService;
import com.bea.security.css.CSS;
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathBuilderResult;
import java.security.cert.CertPathBuilderSpi;
import java.security.cert.CertPathParameters;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorResult;
import java.security.cert.CertPathValidatorSpi;
import java.security.cert.X509Certificate;
import weblogic.management.security.ProviderMBean;
import weblogic.security.SecurityLogger;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.pk.CertPathBuilderParameters;
import weblogic.security.pk.CertPathSelector;
import weblogic.security.pk.CertPathValidatorParameters;
import weblogic.security.service.SecurityService;
import weblogic.security.shared.LoggerWrapper;

/* loaded from: input_file:weblogic/security/service/CertPathManager.class */
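/**
 * Security service that delegates certificate path building and validation to the
 * common security services (CSS) and exposes both operations through a JVM-wide JCA
 * provider named {@code WLSJDKCertPathProvider}.
 *
 * <p>The JCA entry points ({@link JDKCertPathBuilder} and {@link JDKCertPathValidator})
 * resolve the target manager from the realm name carried in the caller-supplied
 * parameters. The trusted CAs and the context handler also come from those parameters.
 * No caller-identity check is visible in this class.
 * NOTE(review): confirm that authorization, if required, is enforced by the underlying
 * CSS services or by {@code SecurityServiceManager}.
 *
 * <p>The service references are plain fields that {@link #shutdown()} sets to
 * {@code null}; this class does no synchronization of its own.
 */
public class CertPathManager implements SecurityService {
    // Both references stay null until initialize() succeeds and are cleared by shutdown().
    private CertPathBuilderService certPathBuilderService = null;
    private CertPathValidatorService certPathValidatorService = null;
    private static final String MY_JDK_SECURITY_PROVIDER_NAME = "WLSJDKCertPathProvider";
    private static final String BUILDER_ALGORITHM = "WLSCertPathBuilder";
    private static final String VALIDATOR_ALGORITHM = "WLSCertPathValidator";
    // Kernel identity obtained in a privileged block; used only to fetch the CSS handle.
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private static final LoggerWrapper log = LoggerWrapper.getInstance("SecurityCertPath");

    /* loaded from: input_file:weblogic/security/service/CertPathManager$JDKCertPathBuilder.class */
    /**
     * JCA {@code CertPathBuilder} implementation registered under the algorithm name
     * {@code WLSCertPathBuilder}. It forwards to the {@link CertPathManager} of the realm
     * named in the parameters.
     */
    public static class JDKCertPathBuilder extends CertPathBuilderSpi {
        /**
         * Builds a certificate path using the realm's CertPath service.
         *
         * @param certPathParameters must be a {@link CertPathBuilderParameters}; it supplies
         *        the realm name, the selector, the trusted CAs and the context handler
         * @return the result produced by the realm's {@link CertPathManager#build}
         * @throws InvalidAlgorithmParameterException if the parameters are of another type
         * @throws IllegalArgumentException if the named realm does not exist (raised by
         *         {@link CertPathManager#checkRealm})
         * @throws CertPathBuilderException propagated from the underlying service
         */
        @Override // java.security.cert.CertPathBuilderSpi
        public CertPathBuilderResult engineBuild(CertPathParameters certPathParameters) throws CertPathBuilderException, InvalidAlgorithmParameterException {
            // Also rejects null: instanceof is false for a null reference.
            if (!(certPathParameters instanceof CertPathBuilderParameters)) {
                throw new InvalidAlgorithmParameterException(SecurityLogger.getWLSJDKCertPathBuilderIllegalCertPathParameters());
            }
            CertPathBuilderParameters certPathBuilderParameters = (CertPathBuilderParameters) certPathParameters;
            String realmName = certPathBuilderParameters.getRealmName();
            // The realm name is caller-controlled, so confirm it exists before the lookup.
            CertPathManager.checkRealm(realmName);
            CertPathManager manager = (CertPathManager) SecurityServiceManager.getSecurityServiceInternal(realmName, SecurityService.ServiceType.CERTPATH);
            return manager.build(certPathBuilderParameters.getSelector(), certPathBuilderParameters.getTrustedCAs(), certPathBuilderParameters.getContext());
        }
    }

    /* loaded from: input_file:weblogic/security/service/CertPathManager$JDKCertPathValidator.class */
    /**
     * JCA {@code CertPathValidator} implementation registered under the algorithm name
     * {@code WLSCertPathValidator}. It forwards to the {@link CertPathManager} of the realm
     * named in the parameters.
     */
    public static class JDKCertPathValidator extends CertPathValidatorSpi {
        /**
         * Validates a certificate path using the realm's CertPath service.
         *
         * @param certPath the path to validate; passed through unchanged
         * @param certPathParameters must be a {@link CertPathValidatorParameters}; it supplies
         *        the realm name, the trusted CAs and the context handler
         * @return the result produced by the realm's {@link CertPathManager#validate}
         * @throws InvalidAlgorithmParameterException if the parameters are of another type
         * @throws IllegalArgumentException if the named realm does not exist (raised by
         *         {@link CertPathManager#checkRealm})
         * @throws CertPathValidatorException propagated from the underlying service
         */
        @Override // java.security.cert.CertPathValidatorSpi
        public CertPathValidatorResult engineValidate(CertPath certPath, CertPathParameters certPathParameters) throws CertPathValidatorException, InvalidAlgorithmParameterException {
            // Also rejects null: instanceof is false for a null reference.
            if (!(certPathParameters instanceof CertPathValidatorParameters)) {
                throw new InvalidAlgorithmParameterException(SecurityLogger.getWLSJDKCertPathValidatorIllegalCertPathParameters());
            }
            CertPathValidatorParameters certPathValidatorParameters = (CertPathValidatorParameters) certPathParameters;
            String realmName = certPathValidatorParameters.getRealmName();
            // The realm name is caller-controlled, so confirm it exists before the lookup.
            CertPathManager.checkRealm(realmName);
            CertPathManager manager = (CertPathManager) SecurityServiceManager.getSecurityServiceInternal(realmName, SecurityService.ServiceType.CERTPATH);
            return manager.validate(certPath, certPathValidatorParameters.getTrustedCAs(), certPathValidatorParameters.getContext());
        }
    }

    /* loaded from: input_file:weblogic/security/service/CertPathManager$MyJDKSecurityProvider.class */
    /**
     * JCA provider that maps the two WLS algorithm names to the SPI classes above.
     *
     * <p>Declared {@code static} because it reads no instance state. As an inner class, the
     * provider kept in the JVM-wide provider list would hold a reference to the
     * {@link CertPathManager} that registered it, keeping that manager reachable after
     * {@link CertPathManager#shutdown()}.
     */
    private static class MyJDKSecurityProvider extends Provider {
        private MyJDKSecurityProvider() {
            super(CertPathManager.MY_JDK_SECURITY_PROVIDER_NAME, 1.0d, "WebLogic JDK CertPath provider");
            // Keys are compile-time constants equal to the original literals
            // "CertPathValidator.WLSCertPathValidator" and "CertPathBuilder.WLSCertPathBuilder".
            put("CertPathValidator." + VALIDATOR_ALGORITHM, "weblogic.security.service.CertPathManager$JDKCertPathValidator");
            put("CertPathBuilder." + BUILDER_ALGORITHM, "weblogic.security.service.CertPathManager$JDKCertPathBuilder");
        }
    }

    /** Creates an uninitialized manager; {@link #initialize} must run before use. */
    public CertPathManager() {
    }

    /**
     * Creates a manager and initializes it immediately.
     *
     * @param str passed through to {@link #initialize}
     * @param providerMBeanArr passed through to {@link #initialize}
     */
    public CertPathManager(String str, ProviderMBean[] providerMBeanArr) {
        initialize(str, providerMBeanArr);
    }

    /**
     * Obtains the CSS builder and validator services and registers the JCA provider if no
     * provider with the same name is installed yet.
     *
     * @param str not read by this implementation
     * @param providerMBeanArr used only to report the provider count in debug output;
     *        may be {@code null}
     * @throws SecurityServiceRuntimeException wrapping any exception raised while the
     *         services are obtained or the provider is registered
     */
    @Override // weblogic.security.service.SecurityService
    public void initialize(String str, ProviderMBean[] providerMBeanArr) {
        if (log.isDebugEnabled()) {
            log.debug("CertPathManager will use common security");
        }
        try {
            CSS css = SecurityServiceManager.getCSS(kernelId);
            this.certPathBuilderService = (CertPathBuilderService) css.getService(CSS.CERT_PATH_BUILDER_SERVICE);
            this.certPathValidatorService = (CertPathValidatorService) css.getService(CSS.CERT_PATH_VALIDATOR_SERVICE);
            if (log.isDebugEnabled()) {
                // Null-safe count: a debug statement must not be able to turn a null array
                // into an initialization failure that only occurs when debug is enabled.
                int providerCount = providerMBeanArr == null ? 0 : providerMBeanArr.length;
                log.debug("CertPathManager initialized with " + providerCount + " CertPathProvider(s).");
            }
            if (Security.getProvider(MY_JDK_SECURITY_PROVIDER_NAME) == null) {
                // Privileged so registration does not depend on the permissions of the
                // code that triggered initialization. A second registration under the same
                // name is refused by Security.addProvider, so a race on the check above
                // cannot install the provider twice.
                AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: weblogic.security.service.CertPathManager.1
                    @Override // java.security.PrivilegedAction
                    public Void run() {
                        Security.addProvider(new MyJDKSecurityProvider());
                        return null;
                    }
                });
            }
        } catch (Exception e) {
            if (log.isDebugEnabled()) {
                SecurityLogger.logStackTrace(e);
            }
            SecurityServiceRuntimeException securityServiceRuntimeException = new SecurityServiceRuntimeException(SecurityLogger.getExceptionObtainingService("Common CertPath Service", e.toString()));
            securityServiceRuntimeException.initCause(e);
            throw securityServiceRuntimeException;
        }
    }

    /** No-op in this implementation. */
    @Override // weblogic.security.service.SecurityService
    public void start() {
    }

    /** No-op in this implementation. */
    @Override // weblogic.security.service.SecurityService
    public void suspend() {
    }

    /**
     * Drops both service references. The JCA provider registered by {@link #initialize}
     * is not removed here, so later {@link #build} or {@link #validate} calls on this
     * instance fail with {@link NullPointerException}.
     */
    @Override // weblogic.security.service.SecurityService
    public void shutdown() {
        this.certPathBuilderService = null;
        this.certPathValidatorService = null;
    }

    /**
     * Delegates certificate path building to the CSS builder service.
     *
     * @param certPathSelector forwarded unchanged
     * @param x509CertificateArr trusted CAs, forwarded unchanged
     * @param contextHandler forwarded unchanged
     * @return the builder service's result
     * @throws CertPathBuilderException propagated from the builder service
     * @throws InvalidAlgorithmParameterException propagated from the builder service
     * @throws NullPointerException if this manager is uninitialized or was shut down
     */
    public CertPathBuilderResult build(CertPathSelector certPathSelector, X509Certificate[] x509CertificateArr, ContextHandler contextHandler) throws CertPathBuilderException, InvalidAlgorithmParameterException {
        return this.certPathBuilderService.build(certPathSelector, x509CertificateArr, contextHandler);
    }

    /**
     * Delegates certificate path validation to the CSS validator service.
     *
     * @param certPath forwarded unchanged
     * @param x509CertificateArr trusted CAs, forwarded unchanged
     * @param contextHandler forwarded unchanged
     * @return the validator service's result
     * @throws CertPathValidatorException propagated from the validator service
     * @throws InvalidAlgorithmParameterException propagated from the validator service
     * @throws NullPointerException if this manager is uninitialized or was shut down
     */
    public CertPathValidatorResult validate(CertPath certPath, X509Certificate[] x509CertificateArr, ContextHandler contextHandler) throws CertPathValidatorException, InvalidAlgorithmParameterException {
        return this.certPathValidatorService.validate(certPath, x509CertificateArr, contextHandler);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Rejects realm names that {@code SecurityServiceManager} does not know.
     *
     * <p>NOTE(review): the signature declares {@link InvalidAlgorithmParameterException},
     * but the body only throws the unchecked {@link IllegalArgumentException}. JCA callers
     * therefore see an unchecked exception for an unknown realm. The type is left as is
     * because existing callers may depend on it.
     *
     * @param str realm name to check
     * @throws IllegalArgumentException if the realm does not exist
     */
    public static void checkRealm(String str) throws InvalidAlgorithmParameterException {
        if (!SecurityServiceManager.doesRealmExistInternal(str)) {
            throw new IllegalArgumentException(SecurityLogger.getInvalidRealmName(str));
        }
    }
}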
