package org.globus.ogsa.impl.security.authentication.service;

import java.rmi.RemoteException;
import org.apache.axis.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.gsi.gssapi.GSSConstants;
import org.globus.gsi.jaas.JaasGssUtil;
import org.globus.gsi.proxy.ProxyPolicyHandler;
import org.globus.ogsa.ServiceProperties;
import org.globus.ogsa.impl.ogsi.GridServiceImpl;
import org.globus.ogsa.impl.security.SecurityException;
import org.globus.ogsa.impl.security.SecurityManager;
import org.globus.ogsa.impl.security.authentication.Constants;
import org.globus.ogsa.impl.security.authentication.ContextManager;
import org.globus.ogsa.impl.security.authentication.SecContext;
import org.globus.ogsa.impl.security.authentication.SecureServicePropertiesHelper;
import org.globus.ogsa.impl.security.descriptor.SecurityDescriptor;
import org.globus.ogsa.impl.security.util.UUID;
import org.globus.ogsa.repository.ServiceNode;
import org.globus.ogsa.security.authentication.ContextTokenOutType;
import org.globus.ogsa.security.authentication.ContextTokenType;
import org.globus.ogsa.security.authentication.InitContextTokenType;
import org.globus.ogsa.security.authentication.InvalidContextIdFault;
import org.globus.ogsa.security.authentication.MechanismTypeNotSupportedFault;
import org.globus.ogsa.security.authentication.SecureContextEstablishmentPortType;
import org.globus.ogsa.utils.ChainedRemoteException;
import org.globus.ogsa.utils.MessageUtils;
import org.gridforum.jgss.ExtendedGSSContext;
import org.gridforum.jgss.ExtendedGSSManager;
import org.gridforum.ogsi.NoSuchServiceFaultType;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;

/* loaded from: input_file:org/globus/ogsa/impl/security/authentication/service/AuthenticationServiceImpl.class */
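/**
 * Grid service that runs the server side of a GSS security-context handshake
 * on behalf of a target service.
 *
 * <p>The target service is read from the current Axis {@link MessageContext}
 * (property {@code AuthenticationServiceConstants.TARGET_SERVICE}). Each
 * handshake is tracked as a {@link SecContext} stored in the target service's
 * {@link ContextManager} and addressed by a context id string.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Context ids are built from the wall clock and an object hash code, or
 *       from a caller-supplied id, so they are lookup handles and not secrets.
 *       Possession of an id must never be treated as proof of identity.</li>
 *   <li>{@link #initTokenExchange} stores a context before any client token
 *       has been validated. Whether {@code ContextManager} bounds or expires
 *       entries is not visible here; confirm it does, otherwise unauthenticated
 *       callers can grow that table.</li>
 *   <li>{@link #continueTokenExchange} always sets
 *       {@code GSSConstants.ACCEPT_NO_CLIENT_CERTS}. Judging by the option name
 *       this admits clients without a certificate, so access decisions have to
 *       be made by whatever consumes the established context.</li>
 * </ul>
 */
public class AuthenticationServiceImpl extends GridServiceImpl implements SecureContextEstablishmentPortType, AuthenticationServiceConstants {
    /** Shared commons-logging logger, assigned in the static initializer. */
    static Log logger;

    /**
     * Cache slot for this class's {@code Class} object. Together with
     * {@link #class$(String)} this looks like the compiler-generated form of a
     * class literal; it is kept so the class's member set stays unchanged.
     */
    static Class class$org$globus$ogsa$impl$security$authentication$service$AuthenticationServiceImpl;

    /** Creates the service under the name "Authentication Service". */
    public AuthenticationServiceImpl() {
        super("Authentication Service");
    }

    /**
     * Selects the GSS manager for a requested mechanism.
     *
     * @param str mechanism type named by the client; compared case-insensitively
     *            with {@code Constants.GSI_MECH_TYPE}
     * @return the {@link ExtendedGSSManager} instance for the GSI mechanism
     * @throws MechanismTypeNotSupportedFault if {@code str} is null or names any other mechanism
     */
    protected GSSManager getGSSManager(String str) throws MechanismTypeNotSupportedFault {
        // Only one mechanism is accepted; everything else is rejected rather than defaulted.
        if (str != null && str.equalsIgnoreCase(Constants.GSI_MECH_TYPE)) {
            return ExtendedGSSManager.getInstance();
        }
        throw new MechanismTypeNotSupportedFault();
    }

    /**
     * Looks up the service this handshake is for.
     *
     * @param z {@code true} to activate the service node, {@code false} to only resolve it
     * @return the target service as returned by the root {@link ServiceNode}
     * @throws RemoteException if there is no current message context or no target service property
     */
    protected ServiceProperties getTargetService(boolean z) throws RemoteException {
        MessageContext currentContext = MessageContext.getCurrentContext();
        if (currentContext == null) {
            throw new RemoteException("No MessageContext");
        }
        String targetUrl = (String) currentContext.getProperty(AuthenticationServiceConstants.TARGET_SERVICE);
        logger.debug("Target URL is " + targetUrl);
        if (targetUrl == null) {
            throw new RemoteException("No target service set");
        }
        ServiceNode rootNode = ServiceNode.getRootNode();
        if (z) {
            return (ServiceProperties) rootNode.activate(targetUrl);
        }
        return (ServiceProperties) rootNode.resolve(targetUrl);
    }

    /**
     * Returns the GSS credential derived from the subject that the
     * {@link SecurityManager} associates with the given service.
     *
     * @param serviceProperties target service
     * @return credential used to accept contexts for that service
     * @throws SecurityException if the subject or credential lookup fails
     */
    protected GSSCredential getCredential(ServiceProperties serviceProperties) throws SecurityException {
        return JaasGssUtil.getCredential(SecurityManager.getManager().getSubject(serviceProperties));
    }

    /**
     * Returns the GRIM proxy policy handler configured on the service, as
     * reported by {@link SecureServicePropertiesHelper}; may be null.
     *
     * @param serviceProperties target service
     */
    protected ProxyPolicyHandler getGrimProxyPolicyHandler(ServiceProperties serviceProperties) {
        return SecureServicePropertiesHelper.getGrimProxyPolicyHandler(serviceProperties);
    }

    /**
     * Returns the service's context manager, creating and registering one on
     * first use. The check-then-set runs under the service's monitor so two
     * concurrent handshakes cannot install different managers.
     *
     * @param serviceProperties target service, also used as the lock
     * @return the existing or newly created manager, never null
     */
    protected ContextManager getContextManager(ServiceProperties serviceProperties) {
        synchronized (serviceProperties) {
            ContextManager manager = SecureServicePropertiesHelper.getContextManager(serviceProperties);
            if (manager == null) {
                manager = new ContextManager();
                SecureServicePropertiesHelper.setContextManager(serviceProperties, manager);
            }
            return manager;
        }
    }

    /**
     * Starts a handshake: creates an acceptor context with the target service's
     * credential, registers it under a context id and processes the first token.
     *
     * <p>Declared faults and other {@link RemoteException}s are passed through
     * unchanged so the client sees the real fault type (for example an
     * unsupported mechanism) instead of a generic wrapper; only other failures
     * are wrapped in a {@link ChainedRemoteException}.
     *
     * @param initContextTokenType first client message; its context id is overwritten
     *                             with the id under which the context was stored
     * @return the reply token and continuation flag from {@link #continueTokenExchange}
     * @throws MechanismTypeNotSupportedFault if the requested mechanism is not GSI
     * @throws RemoteException on any other failure
     */
    @Override // org.globus.ogsa.security.authentication.SecureContextEstablishmentPortType
    public ContextTokenOutType initTokenExchange(InitContextTokenType initContextTokenType) throws RemoteException, MechanismTypeNotSupportedFault {
        logger.debug("Enter initContext");
        ServiceProperties targetService = getTargetService(true);
        if (targetService == null) {
            throw new NoSuchServiceFaultType();
        }
        try {
            ExtendedGSSContext createContext = getGSSManager(initContextTokenType.getMechanismType()).createContext(getCredential(targetService));

            // Apply the lifetime from the service's security descriptor, when one is configured.
            SecurityDescriptor securityDescriptor = SecureServicePropertiesHelper.getSecurityDescriptor(targetService);
            Integer contextLifetime = securityDescriptor == null ? null : securityDescriptor.getContextLifetime();
            if (contextLifetime != null) {
                logger.debug("Setting context lifetime to " + contextLifetime.intValue());
                createContext.requestLifetime(contextLifetime.intValue());
            }

            ProxyPolicyHandler grimProxyPolicyHandler = getGrimProxyPolicyHandler(targetService);
            if (grimProxyPolicyHandler != null && (createContext instanceof ExtendedGSSContext)) {
                createContext.setOption(GSSConstants.GRIM_POLICY_HANDLER, grimProxyPolicyHandler);
            }

            // NOTE(review): the id mixes the current time (or a caller-supplied id)
            // with the context's hash code, so it is guessable and partly
            // caller-controlled. It is only a lookup key. Whether put() can replace
            // an existing entry with the same id is not visible here; confirm.
            String requestedId = initContextTokenType.getContextId();
            UUID uuid;
            if (requestedId == null) {
                uuid = new UUID(System.currentTimeMillis(), createContext.hashCode());
            } else {
                uuid = new UUID(requestedId);
                uuid.setLeastSignificant(createContext.hashCode());
            }
            String contextId = uuid.toString();
            logger.debug("init context: " + contextId);
            initContextTokenType.setContextId(contextId);

            // NOTE(review): the context is stored before the first token is
            // validated and is not removed here if that validation fails.
            getContextManager(targetService).put(new SecContext(createContext, contextId));
            return continueTokenExchange(initContextTokenType);
        } catch (MechanismTypeNotSupportedFault e) {
            // Declared fault: let the client see it as-is.
            throw e;
        } catch (RemoteException e) {
            // Already a remote failure (including faults from continueTokenExchange); do not re-wrap.
            throw e;
        } catch (Exception e) {
            throw new ChainedRemoteException(e);
        }
    }

    /**
     * Feeds the next client token into an existing handshake.
     *
     * <p>A missing request, a missing context id, a service that has no context
     * manager yet and an unknown id are all reported as
     * {@link InvalidContextIdFault} instead of failing with a
     * {@code NullPointerException}. The lookup deliberately does not create a
     * context manager, so a stray call leaves no state behind.
     *
     * @param contextTokenType client message carrying the context id and token
     * @return reply token, the same context id, and whether another round is needed
     * @throws InvalidContextIdFault if no context is registered under the given id
     * @throws RemoteException if the target service cannot be determined, the token
     *                         is missing, or the GSS layer rejects the token
     */
    @Override // org.globus.ogsa.security.authentication.SecureContextEstablishmentPortType
    public ContextTokenOutType continueTokenExchange(ContextTokenType contextTokenType) throws RemoteException, InvalidContextIdFault {
        logger.debug("Enter establishContext");
        ServiceProperties targetService = getTargetService(false);
        if (targetService == null) {
            throw new NoSuchServiceFaultType();
        }

        String contextId = contextTokenType == null ? null : contextTokenType.getContextId();
        ContextManager contextManager = SecureServicePropertiesHelper.getContextManager(targetService);
        SecContext secContext = (contextId == null || contextManager == null) ? null : contextManager.get(contextId);
        if (secContext == null) {
            throw new InvalidContextIdFault(MessageUtils.getMessage("invalidContextId"));
        }

        byte[] base64Token = contextTokenType.getBase64Token();
        if (base64Token == null) {
            // Without this guard the length read below would throw a NullPointerException.
            throw new RemoteException("No context token");
        }

        ExtendedGSSContext context = secContext.getContext();
        try {
            SecurityDescriptor securityDescriptor = SecureServicePropertiesHelper.getSecurityDescriptor(targetService);
            if (securityDescriptor != null && securityDescriptor.getRejectLimitedProxyState()) {
                logger.debug("Reject Limited Proxy is true");
                context.setOption(GSSConstants.REJECT_LIMITED_PROXY, Boolean.TRUE);
            }
            // NOTE(review): set for every service regardless of its descriptor;
            // presumably this permits anonymous clients. Confirm that downstream
            // authorization does not assume an authenticated peer.
            context.setOption(GSSConstants.ACCEPT_NO_CLIENT_CERTS, Boolean.TRUE);

            byte[] replyToken = context.acceptSecContext(base64Token, 0, base64Token.length);
            ContextTokenOutType reply = new ContextTokenOutType();
            reply.setContinueNeeded(!context.isEstablished());
            reply.setBase64Token(replyToken);
            reply.setContextId(contextId);
            return reply;
        } catch (GSSException e) {
            throw new ChainedRemoteException((Exception) e);
        }
    }

    /**
     * Loads a class by name, converting a lookup failure into
     * {@link NoClassDefFoundError}.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Resolve this class once, cache it in the static slot, and name the logger after it.
        Class cls = class$org$globus$ogsa$impl$security$authentication$service$AuthenticationServiceImpl;
        if (cls == null) {
            cls = class$("org.globus.ogsa.impl.security.authentication.service.AuthenticationServiceImpl");
            class$org$globus$ogsa$impl$security$authentication$service$AuthenticationServiceImpl = cls;
        }
        logger = LogFactory.getLog(cls.getName());
    }
}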
