package com.bea.common.security.saml.manager;

import com.bea.common.logger.spi.LoggerSpi;
import com.bea.common.security.legacy.ExtendedSecurityServices;
import com.bea.common.security.saml.registry.SAMLCertRegLDAPDelegate;
import com.bea.common.security.saml.registry.SAMLIdentityAsserterLDAPDelegate;
import java.math.BigInteger;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import weblogic.management.security.ProviderMBean;
import weblogic.management.utils.InvalidParameterException;
import weblogic.management.utils.NotFoundException;
import weblogic.security.providers.utils.CertRegLDAPDelegate;
import weblogic.security.spi.ProviderInitializationException;
import weblogic.security.spi.SecurityServices;

/* loaded from: input_file:com/bea/common/security/saml/manager/SAMLTrustManager.class */
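/**
 * Process-wide singleton that answers "is this X.509 certificate registered and currently
 * valid?" by consulting an LDAP-backed certificate registry delegate.
 *
 * <p>Trust, as implemented in this class, is an exact-match (pinning) decision: a certificate
 * is trusted only when the registry holds an equal certificate and that certificate is inside
 * its validity period. Nothing here builds or validates a certification path, and nothing here
 * checks revocation. If either is required, it has to happen elsewhere; that is not visible
 * from this class.
 *
 * <p>NOTE(review): the instance is held in a static field and created once. The manager
 * version and the {@code ProviderMBean}/{@code SecurityServices} passed on later calls are
 * ignored once an instance exists, so every caller in the class loader shares the delegate
 * chosen by the first caller. Confirm this is intended where more than one provider or realm
 * uses this class.
 */
public class SAMLTrustManager {
    /** Selects {@link SAMLIdentityAsserterLDAPDelegate} as the registry delegate. */
    private static final int V1_MANAGER = 0;
    /** Selects {@link SAMLCertRegLDAPDelegate} as the registry delegate. */
    private static final int V2_MANAGER = 1;

    private CertRegLDAPDelegate ldapDelegate;
    // Assigned by the constructor; stays null until the first manager has been constructed.
    private static LoggerSpi LOGGER = null;
    private static SAMLTrustManager manager = null;

    /**
     * Writes a debug line with the class prefix when debug logging is enabled.
     *
     * <p>Callers concatenate certificate aliases and DNs into {@code str} unmodified.
     * NOTE(review): if an alias can originate from an incoming message, have the logging
     * layer neutralise line breaks so a crafted value cannot forge log entries.
     */
    private static void logDebug(String str) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("SAMLTrustManager: " + str);
        }
    }

    /**
     * Obtains the logger and creates the registry delegate for the requested manager version.
     *
     * @param i {@link #V1_MANAGER} for the identity-asserter delegate; any other value selects
     *     the certificate-registry delegate
     * @param providerMBean provider configuration handed to the delegate
     * @param securityServices must be an {@link ExtendedSecurityServices}; the cast fails with
     *     {@code ClassCastException} otherwise
     */
    private SAMLTrustManager(int i, ProviderMBean providerMBean, SecurityServices securityServices) {
        LOGGER = ((ExtendedSecurityServices) securityServices).getLogger("SecuritySAMLLib");
        if (i == V1_MANAGER) {
            this.ldapDelegate = new SAMLIdentityAsserterLDAPDelegate(providerMBean, securityServices);
        } else {
            this.ldapDelegate = new SAMLCertRegLDAPDelegate(providerMBean, securityServices);
        }
    }

    /**
     * Returns the shared manager, creating it on first use.
     *
     * <p>Once an instance exists, all three arguments are ignored.
     *
     * @throws ProviderInitializationException if construction fails for any reason; the
     *     message carries only the text of the original exception, not the exception itself
     */
    private static synchronized SAMLTrustManager getManager(int i, ProviderMBean providerMBean, SecurityServices securityServices) {
        if (manager == null) {
            try {
                manager = new SAMLTrustManager(i, providerMBean, securityServices);
            } catch (Exception e) {
                // NOTE(review): only e.toString() survives, so the original stack trace is lost.
                // Building the message dereferences providerMBean and its realm; a null there
                // would replace this exception with a NullPointerException.
                throw new ProviderInitializationException("SAMLTrustManager: Unable to instantiate trust manager for realm " + providerMBean.getRealm().getName() + ": " + e.toString());
            }
        }
        return manager;
    }

    /** Returns the shared manager, creating a V2 (certificate-registry) manager if none exists. */
    public static SAMLTrustManager getManager(ProviderMBean providerMBean, SecurityServices securityServices) {
        return getManager(V2_MANAGER, providerMBean, securityServices);
    }

    /**
     * Returns the shared manager, creating a V1 (identity-asserter) manager if none exists.
     *
     * <p>If a V2 manager was created first, that instance is returned unchanged.
     */
    public static SAMLTrustManager getV1Manager(ProviderMBean providerMBean, SecurityServices securityServices) {
        return getManager(V1_MANAGER, providerMBean, securityServices);
    }

    /**
     * Returns the shared manager without creating one.
     *
     * @return the manager, or {@code null} if none has been created yet
     */
    public static synchronized SAMLTrustManager getManager() {
        return manager;
    }

    /**
     * Looks up a registered certificate by alias and returns it only if it is currently valid.
     *
     * @param str the registry alias; {@code null} yields {@code null}
     * @return the registered certificate, or {@code null} when the alias is unknown, the lookup
     *     rejects the parameter, the delegate returns nothing, or the certificate is expired or
     *     not yet valid
     */
    public X509Certificate getCertificate(String str) {
        if (str == null) {
            return null;
        }
        logDebug("Looking for certificate alias '" + str + "'");
        X509Certificate registered;
        try {
            registered = this.ldapDelegate.getCertificateFromAlias(str);
            // Guard against a delegate that returns null instead of throwing NotFoundException:
            // report "not found" rather than failing with a NullPointerException. This mirrors
            // the null check isCertificateTrusted applies to its own delegate lookup.
            if (registered != null) {
                registered.checkValidity();
            }
        } catch (CertificateExpiredException e) {
            logDebug("Certificate has expired: " + e.toString());
            return null;
        } catch (CertificateNotYetValidException e2) {
            logDebug("Certificate is not yet valid: " + e2.toString());
            return null;
        } catch (InvalidParameterException e3) {
            // Treated the same as an unknown alias; the reason is not logged.
            registered = null;
        } catch (NotFoundException e4) {
            registered = null;
        }
        logDebug("Certificate was " + (registered != null ? "found" : "not found"));
        return registered;
    }

    /**
     * Decides whether a presented certificate is trusted.
     *
     * <p>The registry is searched by issuer DN and serial number. The certificate is trusted
     * only if the registered entry is inside its validity period and equals the presented
     * certificate. Every other outcome returns {@code false}.
     *
     * @param x509Certificate the presented certificate; {@code null} is not trusted
     * @return {@code true} only for a registered, currently valid, exactly matching certificate
     */
    public boolean isCertificateTrusted(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            logDebug("Certificate parameter was null!");
            return false;
        }
        logDebug("Verifying trust for cert: " + x509Certificate.getSubjectDN().getName());
        // The issuer DN string is the registry lookup key, so its textual form is kept as is.
        String issuerDn = x509Certificate.getIssuerDN().getName();
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        logDebug("Looking for cert with issuerDN: " + issuerDn + " and serialNumber: " + serialNumber);
        X509Certificate registered = this.ldapDelegate.getCertificateFromIssuerDNAndSerialNumber(issuerDn, serialNumber);
        if (registered == null) {
            logDebug("Not trusted: X.509 certificate is not registered");
            return false;
        }
        try {
            registered.checkValidity();
        } catch (CertificateExpiredException e) {
            logDebug("Certificate has expired: " + e.toString());
            return false;
        } catch (CertificateNotYetValidException e2) {
            logDebug("Certificate is not yet valid: " + e2.toString());
            return false;
        }
        // Issuer and serial number only locate the entry. The equality check is what rejects a
        // different certificate that merely carries the same issuer DN and serial number.
        if (registered.equals(x509Certificate)) {
            logDebug("Trusted: X.509 certificate found in the registry");
            return true;
        }
        logDebug("Not trusted: X.509 certificate does not match registered certificate");
        return false;
    }

    /**
     * Decides whether a presented certificate equals the currently valid certificate registered
     * under the given alias.
     *
     * @param x509Certificate the presented certificate
     * @param str the registry alias the certificate is expected to be registered under
     * @return {@code true} only when both arguments are non-null and {@link #getCertificate}
     *     returns a certificate equal to the presented one
     */
    public boolean isCertificateTrustedAlias(X509Certificate x509Certificate, String str) {
        if (x509Certificate == null || str == null) {
            return false;
        }
        X509Certificate registered = getCertificate(str);
        return registered != null && registered.equals(x509Certificate);
    }
}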
