package weblogic.xml.crypto.utils;

import java.security.cert.X509Certificate;
import javax.xml.rpc.handler.MessageContext;
import weblogic.security.SSL.TrustManager;
import weblogic.security.service.ContextHandler;
import weblogic.xml.crypto.wss.WSSConstants;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.api.BinarySecurityToken;
import weblogic.xml.crypto.wss.provider.Purpose;
import weblogic.xml.crypto.wss.provider.SecurityToken;

/* loaded from: input_file:weblogic/xml/crypto/utils/ClientBSTUtils.class */
/**
 * Static helper that decides whether the X.509 certificate carried by a
 * binary security token should be trusted.
 *
 * <p>The decision is made in this order, first match wins:
 * <ol>
 *   <li>global validation switch is off: always trusted;</li>
 *   <li>a {@link TrustManager} is registered on the security context: its callback decides;</li>
 *   <li>the certificate equals the configured server encrypt certificate;</li>
 *   <li>the certificate equals the configured server verify certificate;</li>
 *   <li>a credential provider returns a credential for the current {@link Purpose}.</li>
 * </ol>
 *
 * <p>Security review notes (behaviour is unchanged, these only describe it):
 * <ul>
 *   <li>Step 1 disables certificate validation for the whole JVM. Deployments
 *       should be audited for the system property named by
 *       {@code WSSConstants.VALIDATION_OFF}.</li>
 *   <li>Step 5 never compares the presented certificate with anything in this
 *       method; see the NOTE(review) at that step.</li>
 * </ul>
 */
public final class ClientBSTUtils {
    /** Message-context property holding the certificate used to verify the server's signature. */
    private static final String SERVER_VERIFY_CERT = "weblogic.wsee.security.bst.serverVerifyCert";

    /** Message-context property holding the certificate used to encrypt for the server. */
    private static final String SERVER_ENCRYPT_CERT = "weblogic.wsee.security.bst.serverEncryptCert";

    /**
     * Snapshot of the boolean JVM system property named by
     * {@code WSSConstants.VALIDATION_OFF}, read once when this class is
     * initialised. When {@code true}, {@link #isTrusted} accepts every token.
     */
    private static final boolean VALIDATION_OFF = Boolean.getBoolean(WSSConstants.VALIDATION_OFF);

    /**
     * Reports whether the certificate inside {@code securityToken} is trusted.
     *
     * @param securityToken     token to check; cast to {@link BinarySecurityToken} without a type
     *                          check, so any other token type fails with {@link ClassCastException}
     * @param messageContext    source of the pinned server certificates and of the {@link Purpose}
     * @param wSSecurityContext source of the optional {@link TrustManager} and of the credential providers
     * @param contextHandler    passed through unchanged to the credential providers
     * @return {@code true} if one of the checks described on the class accepts the certificate
     * @throws WSSecurityException if no {@link TrustManager} is registered and no server encrypt
     *                             certificate is configured
     */
    public static boolean isTrusted(SecurityToken securityToken, MessageContext messageContext, WSSecurityContext wSSecurityContext, ContextHandler contextHandler) throws WSSecurityException {
        // Global kill switch: no certificate is inspected at all.
        if (VALIDATION_OFF) {
            return true;
        }

        // NOTE(review): the result is not null-checked here; a token without a
        // certificate reaches the checks below as null.
        X509Certificate presented = ((BinarySecurityToken) securityToken).getCertificate();

        // A registered TrustManager takes precedence over every pinned certificate.
        TrustManager delegate = (TrustManager) wSSecurityContext.getProperty(WSSecurityContext.TRUST_MANAGER);
        if (delegate != null) {
            X509Certificate[] chain = {presented};
            // 16 is passed as the callback's second argument; presumably an
            // "untrusted chain" error flag - TODO confirm against TrustManager.
            return delegate.certificateCallback(chain, 16);
        }

        // NOTE(review): a missing encrypt certificate aborts here even when a
        // verify certificate is configured - confirm this is intended.
        X509Certificate pinnedEncryptCert = (X509Certificate) messageContext.getProperty(SERVER_ENCRYPT_CERT);
        if (pinnedEncryptCert == null) {
            throw new WSSecurityException("Could not validate certificate: no TrustManager set and no server cert set.");
        }
        if (pinnedEncryptCert.equals(presented)) {
            return true;
        }

        X509Certificate pinnedVerifyCert = (X509Certificate) messageContext.getProperty(SERVER_VERIFY_CERT);
        if (pinnedVerifyCert != null && pinnedVerifyCert.equals(presented)) {
            return true;
        }

        Purpose purpose = (Purpose) messageContext.getProperty("weblogic.xml.crypto.wss.provider.Purpose");
        if (purpose == null) {
            return false;
        }

        // Last resort: trusted if a provider returns any X.509 v3 credential, or
        // failing that any X.509 v1 credential, for this purpose.
        // NOTE(review): the presented certificate is not an input to either
        // lookup, so this method does not itself establish that the returned
        // credential matches it - verify whether the providers do.
        // NOTE(review): getCredentialProvider() results are dereferenced unchecked.
        Object v3Credential = wSSecurityContext.getCredentialProvider(WSSConstants.VALUE_TYPE_X509V3).getCredential(WSSConstants.VALUE_TYPE_X509V3, null, contextHandler, purpose);
        if (v3Credential != null) {
            return true;
        }
        Object v1Credential = wSSecurityContext.getCredentialProvider(WSSConstants.VALUE_TYPE_X509V1).getCredential(WSSConstants.VALUE_TYPE_X509V1, null, contextHandler, purpose);
        return v1Credential != null;
    }
}
