package org.globus.ogsa.impl.security.authentication.wssec;

import java.io.ByteArrayInputStream;
import java.security.cert.X509Certificate;
import javax.security.auth.Subject;
import javax.xml.rpc.handler.MessageContext;
import javax.xml.soap.SOAPEnvelope;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.Init;
import org.apache.xml.security.encryption.DataReference;
import org.apache.xml.security.encryption.ReferenceList;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.utils.IdResolver;
import org.globus.gsi.CertUtil;
import org.globus.gsi.CertificateRevocationLists;
import org.globus.gsi.TrustedCertificates;
import org.globus.gsi.jaas.GlobusPrincipal;
import org.globus.gsi.proxy.ProxyPathValidator;
import org.globus.gsi.proxy.ProxyPolicyHandler;
import org.globus.ogsa.impl.security.Constants;
import org.globus.ogsa.impl.security.authentication.GSSEncryptedData;
import org.globus.ogsa.impl.security.authentication.GssXMLSignature;
import org.globus.ogsa.impl.security.authentication.SOAPBodyIdResolver;
import org.globus.ogsa.impl.security.authentication.SignatureGss;
import org.globus.ogsa.impl.security.util.EnvelopeConverter;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;

/* loaded from: input_file:org/globus/ogsa/impl/security/authentication/wssec/WSSecurityEngine.class */
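/**
 * Base engine for processing WS-Security headers on an incoming SOAP message.
 * <p>
 * {@link #processSecurityHeader(SOAPEnvelope, String, MessageContext)} locates the
 * {@code wsse:Security} header(s) addressed to the current actor, converts the envelope
 * to a DOM document and hands every {@code ds:Signature} child to
 * {@link #handleSignatureElement} and every child in the XML-Encryption namespace to
 * {@link #handleEncryptionElement}. Plain XML signatures are verified in this class: the
 * signer's certificate chain is taken from the signature's {@code KeyInfo}, the signature
 * value is checked against it and the chain is path-validated with a
 * {@link ProxyPathValidator}; the validated identity is then recorded on the peer
 * {@link Subject} of the message context. GSS-style signatures and GSS encryption are
 * delegated to the abstract methods implemented by subclasses.
 * <p>
 * The class holds no instance state; only the static logger is shared.
 */
public abstract class WSSecurityEngine {
    private static Log log;
    /** Local name of the XML-DSig {@code Signature} element recognized in a header. */
    public static final String SIG_LN = "Signature";
    /** Pre-Java-5 class-literal cache (decompiler artifact); filled in by the static initializer. */
    static Class class$org$globus$ogsa$impl$security$authentication$wssec$WSSecurityEngine;

    /**
     * Verifies a {@code ds:Signature} element found in a Security header.
     * <p>
     * The element's text nodes are normalized first (see {@link #normalize(Node)}) and the
     * {@code xmlns:xenc} declaration is removed from it before the signature object is
     * built — presumably so that canonicalization matches what the signer produced; confirm
     * against the signing side before changing either step. The signature method URI then
     * selects the verifier: {@link SignatureGss#URI} goes to
     * {@link #verifyGssXMLSignature}, anything else to
     * {@link #verifyXMLSignature(XMLSignature, MessageContext)}.
     *
     * @param element        the {@code ds:Signature} element
     * @param messageContext the message context of the message being processed
     * @return the result of the selected verify method
     * @throws Exception on any parsing or verification failure
     */
    public boolean handleSignatureElement(Element element, MessageContext messageContext) throws Exception {
        normalize(element);
        element.removeAttributeNS("http://www.w3.org/2000/xmlns/", "xenc");
        GssXMLSignature gssXMLSignature = new GssXMLSignature(element, (String) null);
        // Lets the signature's References resolve the SOAP Body by its wsu:Id.
        gssXMLSignature.addResourceResolver(SOAPBodyIdResolver.getInstance());
        if (gssXMLSignature.getSignedInfo().getSignatureMethodURI().equalsIgnoreCase(SignatureGss.URI)) {
            log.info("Found GSS XML signature");
            return verifyGssXMLSignature(gssXMLSignature, messageContext);
        }
        log.info("Found XML signature");
        return verifyXMLSignature(gssXMLSignature, messageContext);
    }

    /**
     * Verifies a signature whose signature method is {@link SignatureGss#URI}.
     *
     * @param gssXMLSignature the parsed GSS signature
     * @param messageContext  the current message context
     * @return implementation-defined verification result
     * @throws Exception on verification failure
     */
    public abstract boolean verifyGssXMLSignature(GssXMLSignature gssXMLSignature, MessageContext messageContext) throws Exception;

    /**
     * Extracts the certificate chain embedded as {@code ds:X509Data} in a {@code KeyInfo}.
     * <p>
     * Exactly one {@code X509Data} element with at least one {@code X509Certificate} child
     * is accepted; certificates are returned in document order.
     *
     * @param keyInfo the signature's {@code KeyInfo}
     * @return the certificates in document order, never empty
     * @throws WSSecurityException if there is not exactly one {@code X509Data} or it holds
     *                             no certificate
     * @throws Exception           if a certificate cannot be decoded
     */
    protected X509Certificate[] getCertificatesX509Data(KeyInfo keyInfo) throws Exception {
        int lengthX509Data = keyInfo.lengthX509Data();
        if (lengthX509Data != 1) {
            throw new WSSecurityException(0, "invalidX509Data", new Object[]{new Integer(lengthX509Data)});
        }
        X509Data itemX509Data = keyInfo.itemX509Data(0);
        int lengthCertificate = itemX509Data.lengthCertificate();
        if (lengthCertificate <= 0) {
            throw new WSSecurityException(0, "invalidCertData", new Object[]{new Integer(lengthCertificate)});
        }
        X509Certificate[] chain = new X509Certificate[lengthCertificate];
        for (int i = 0; i < lengthCertificate; i++) {
            chain[i] = CertUtil.loadCertificate(new ByteArrayInputStream(itemX509Data.itemCertificate(i).getCertificateBytes()));
        }
        return chain;
    }

    /**
     * Resolves a {@code wsse:SecurityTokenReference} to the certificate chain it points at.
     * <p>
     * The reference's URI is looked up in the owner document with
     * {@link WSSecurityIdResolver}; the element found is turned into a
     * {@link BinarySecurityToken}. Only {@link PKIPathSecurityToken} is supported.
     *
     * @param element the {@code wsse:SecurityTokenReference} element
     * @return the certificates of the referenced PKIPath token
     * @throws WSSecurityException if the reference, its URI or the referenced token is
     *                             missing, or the token is not a PKIPath token
     * @throws Exception           propagated from token parsing
     */
    protected X509Certificate[] getCertificatesTokenReference(Element element) throws Exception {
        Reference reference = new SecurityTokenReference(element).getReference();
        if (reference == null) {
            throw new WSSecurityException(3, "noReference");
        }
        String uri = reference.getURI();
        log.debug("Token reference uri: " + uri);
        if (uri == null) {
            throw new WSSecurityException(3, "badReferenceURI");
        }
        Element tokenElement = WSSecurityIdResolver.getInstance().getElementById(element.getOwnerDocument(), uri);
        if (tokenElement == null) {
            throw new WSSecurityException(7, "noToken", new Object[]{uri});
        }
        BinarySecurityToken token = BinarySecurityTokenFactory.getInstance().createSecurityToken(tokenElement);
        if (token instanceof PKIPathSecurityToken) {
            return ((PKIPathSecurityToken) token).getX509Certificates(true);
        }
        throw new WSSecurityException(1, "unhandledToken", new Object[]{token.getClass().getName()});
    }

    /**
     * Supplies the Grim proxy policy handler to install on the path validator, or
     * {@code null} if none applies to this message.
     *
     * @param xMLSignature   the signature being verified
     * @param messageContext the current message context
     * @return the handler, or {@code null}
     * @throws Exception implementation-defined
     */
    protected abstract ProxyPolicyHandler getGrimProxyHandler(XMLSignature xMLSignature, MessageContext messageContext) throws Exception;

    /**
     * Verifies a plain (non-GSS) XML signature; implementations are expected to obtain a
     * {@link ProxyPathValidator} and delegate to
     * {@link #verifyXMLSignature(XMLSignature, MessageContext, ProxyPathValidator)}.
     *
     * @param xMLSignature   the parsed signature
     * @param messageContext the current message context
     * @return implementation-defined verification result
     * @throws Exception on verification failure
     */
    public abstract boolean verifyXMLSignature(XMLSignature xMLSignature, MessageContext messageContext) throws Exception;

    /**
     * Verifies a plain XML signature and path-validates the signer's certificate chain.
     * <p>
     * The chain is taken from the signature's {@code KeyInfo}: an embedded
     * {@code X509Data} ({@link #getCertificatesX509Data}) or a
     * {@code wsse:SecurityTokenReference} child ({@link #getCertificatesTokenReference});
     * any other {@code KeyInfo} content is rejected. The signature value is checked against
     * the first certificate of the chain and a mismatch throws. The whole chain is then
     * handed to {@code proxyPathValidator} together with the default trusted certificates
     * and CRLs; the validator's result is not inspected here, so it is relied on to throw
     * on failure.
     * <p>
     * On success the context property {@link Constants#GSI_SEC_MSG} is set to
     * {@link Constants#SIGNATURE}, the chain is added to the peer subject's public
     * credentials and the validated identity is added as a {@link GlobusPrincipal}.
     *
     * @param xMLSignature       the parsed signature
     * @param messageContext     the current message context
     * @param proxyPathValidator validator used for chain validation; when
     *                           {@link #getGrimProxyHandler} returns a handler it is installed
     *                           on this validator under policy OID
     *                           {@code 1.3.6.1.4.1.3536.1.1.1.7} and is not removed afterwards
     * @return always {@code false}; the meaning of the value is left to the caller
     * @throws WSSecurityException if the {@code KeyInfo} is unsupported or the signature
     *                             value does not verify
     * @throws Exception           propagated from certificate loading or path validation
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public boolean verifyXMLSignature(XMLSignature xMLSignature, MessageContext messageContext, ProxyPathValidator proxyPathValidator) throws Exception {
        X509Certificate[] chain;
        log.debug("Verify XML Signature");
        KeyInfo keyInfo = xMLSignature.getKeyInfo();
        if (keyInfo.containsX509Data()) {
            chain = getCertificatesX509Data(keyInfo);
        } else {
            Node tokenRef = WSSecurityUtil.getDirectChild(keyInfo.getElement(), SecurityTokenReference.TOKEN.getLocalPart(), SecurityTokenReference.TOKEN.getNamespaceURI());
            if (tokenRef == null) {
                throw new WSSecurityException(3, "unsupportedKeyInfo", null);
            }
            chain = getCertificatesTokenReference((Element) tokenRef);
        }
        // chain[0] is the signer; an empty chain from a token reference surfaces as an
        // ArrayIndexOutOfBoundsException here rather than a WSSecurityException.
        if (!xMLSignature.checkSignatureValue(chain[0])) {
            throw new WSSecurityException(6);
        }
        X509Certificate[] trustedCerts = null;
        TrustedCertificates trusted = TrustedCertificates.getDefaultTrustedCertificates();
        if (trusted != null) {
            trustedCerts = trusted.getCertificates();
        }
        CertificateRevocationLists crls = CertificateRevocationLists.getDefaultCertificateRevocationLists();
        ProxyPolicyHandler grimProxyHandler = getGrimProxyHandler(xMLSignature, messageContext);
        if (grimProxyHandler != null) {
            log.debug("Grim policy handler set");
            proxyPathValidator.setProxyPolicyHandler("1.3.6.1.4.1.3536.1.1.1.7", grimProxyHandler);
        }
        proxyPathValidator.validate(chain, trustedCerts, crls);
        String identity = proxyPathValidator.getIdentity();
        messageContext.setProperty(Constants.GSI_SEC_MSG, Constants.SIGNATURE);
        Subject subject = getSubject(messageContext);
        subject.getPublicCredentials().add(chain);
        subject.getPrincipals().add(new GlobusPrincipal(identity));
        return false;
    }

    /**
     * Returns the peer {@link Subject} stored in the message context under
     * {@code Constants.PEER_SUBJECT}, creating and storing a fresh one if absent.
     *
     * @param messageContext the current message context
     * @return the peer subject, never {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public Subject getSubject(MessageContext messageContext) {
        Subject subject = (Subject) messageContext.getProperty(org.globus.ogsa.impl.security.authentication.Constants.PEER_SUBJECT);
        if (subject == null) {
            subject = new Subject();
            messageContext.setProperty(org.globus.ogsa.impl.security.authentication.Constants.PEER_SUBJECT, subject);
        }
        return subject;
    }

    /**
     * Handles an element in the XML-Encryption namespace found in a Security header.
     * <p>
     * The element is parsed as an {@code xenc:ReferenceList} that must carry exactly one
     * {@code DataReference}; the referenced {@code EncryptedData} element is located by its
     * id in the owner document and passed to {@link #decryptGssXMLEncryption}.
     *
     * @param element        the {@code xenc:ReferenceList} element
     * @param messageContext the current message context
     * @return the result of {@link #decryptGssXMLEncryption}
     * @throws WSSecurityException if the list does not hold exactly one reference or the
     *                             referenced element cannot be found
     * @throws Exception           propagated from parsing or decryption
     */
    public boolean handleEncryptionElement(Element element, MessageContext messageContext) throws Exception {
        ReferenceList referenceList = new ReferenceList(element, (String) null);
        int lengthDataReference = referenceList.getLengthDataReference();
        if (lengthDataReference != 1) {
            throw new WSSecurityException(0, "invalidDataRef", new Object[]{new Integer(lengthDataReference)});
        }
        DataReference dataReference = referenceList.itemDataReference(0);
        log.debug("Looking for : " + dataReference.getURI());
        Element encryptedData = IdResolver.getElementByIdInXENCNamespace(element.getOwnerDocument(), dataReference.getURI());
        if (encryptedData == null) {
            throw new WSSecurityException(0, "noEncryptedData", new Object[]{dataReference.getURI()});
        }
        return decryptGssXMLEncryption(new GSSEncryptedData(encryptedData, null), messageContext);
    }

    /**
     * Decrypts GSS-encrypted data referenced from a Security header.
     *
     * @param gSSEncryptedData the encrypted data element wrapper
     * @param messageContext   the current message context
     * @return implementation-defined result
     * @throws Exception on decryption failure
     */
    public abstract boolean decryptGssXMLEncryption(GSSEncryptedData gSSEncryptedData, MessageContext messageContext) throws Exception;

    /**
     * Processes the Security header(s) addressed to the actor named by the message
     * context property {@code "actor"}.
     *
     * @param sOAPEnvelope   the incoming envelope
     * @param messageContext the current message context
     * @return see {@link #processSecurityHeader(SOAPEnvelope, String, MessageContext)}
     * @throws Exception propagated from header processing
     */
    public Document processSecurityHeader(SOAPEnvelope sOAPEnvelope, MessageContext messageContext) throws Exception {
        return processSecurityHeader(sOAPEnvelope, (String) messageContext.getProperty("actor"), messageContext);
    }

    /**
     * Processes every {@code wsse:Security} header in the envelope that is addressed to
     * the given actor.
     * <p>
     * A {@code null} actor is treated as the empty string. If the envelope has no Security
     * header for that actor, nothing is converted and {@code null} is returned. Otherwise the
     * envelope is converted to a DOM document and each {@code wsse:Security} element is
     * examined: a header is processed when it has no SOAP {@code actor} attribute, an empty
     * one, one equal (ignoring case) to {@code str}, or the SOAP 1.1 "next" actor. The
     * decision is made per header from that header's own attribute.
     *
     * @param sOAPEnvelope   the incoming envelope
     * @param str            the actor this node acts as, or {@code null}
     * @param messageContext the current message context
     * @return the DOM document the envelope was converted to, or {@code null} if no
     *         Security header was found for the actor
     * @throws Exception propagated from conversion or header processing
     */
    public Document processSecurityHeader(SOAPEnvelope sOAPEnvelope, String str, MessageContext messageContext) throws Exception {
        if (str == null) {
            str = "";
        }
        if (WSSecurityUtil.getSecurityHeader(sOAPEnvelope, str) == null) {
            return null;
        }
        log.info("Found WS-Security header(s)");
        Document document = EnvelopeConverter.getInstance().toDocument(sOAPEnvelope);
        NodeList securityHeaders = document.getElementsByTagNameNS(WSConstants.WSSE_NS, WSConstants.WS_SEC_LN);
        int length = securityHeaders.getLength();
        for (int i = 0; i < length; i++) {
            Element header = (Element) securityHeaders.item(i);
            Attr actorAttr = header.getAttributeNodeNS(WSConstants.SOAP_NS, "actor");
            // Decided per header: a header without an actor attribute must not inherit the
            // value read from an earlier header in this list.
            String headerActor = (actorAttr != null) ? actorAttr.getValue() : null;
            if (headerActor == null || headerActor.length() == 0 || headerActor.equalsIgnoreCase(str) || headerActor.equals("http://schemas.xmlsoap.org/soap/actor/next")) {
                processSecurityHeader(header, messageContext, headerActor);
            }
        }
        return document;
    }

    /**
     * Processes one {@code wsse:Security} header element.
     * <p>
     * Each child is dispatched on its namespace: a {@code ds:Signature} element goes to
     * {@link #handleSignatureElement}, any element in the XML-Encryption namespace to
     * {@link #handleEncryptionElement}; other children are only logged. Afterwards the
     * header is detached from its parent, except when the actor is the empty string and the
     * context property {@code Constants.ROUTED} is {@link Boolean#TRUE}, in which case it is
     * left in place for the next hop.
     *
     * @param element        the {@code wsse:Security} element
     * @param messageContext the current message context
     * @param str            the header's actor value, possibly {@code null}
     * @throws Exception propagated from signature verification or decryption
     */
    public void processSecurityHeader(Element element, MessageContext messageContext, String str) throws Exception {
        log.info("Processing WS-Security header for '" + str + "' actor.");
        NodeList childNodes = element.getChildNodes();
        int length = childNodes.getLength();
        for (int i = 0; i < length; i++) {
            Node child = childNodes.item(i);
            if (WSConstants.SIG_NS.equalsIgnoreCase(child.getNamespaceURI()) && SIG_LN.equalsIgnoreCase(child.getLocalName())) {
                log.info("Found signature element");
                handleSignatureElement((Element) child, messageContext);
            } else if (WSConstants.ENC_NS.equalsIgnoreCase(child.getNamespaceURI())) {
                log.info("Found encryption element");
                handleEncryptionElement((Element) child, messageContext);
            } else {
                log.debug(child.getLocalName() + " " + child.getNamespaceURI());
            }
        }
        if ("".equals(str) && Boolean.TRUE.equals(messageContext.getProperty(org.globus.ogsa.impl.security.authentication.Constants.ROUTED))) {
            log.debug("Header not removed");
        } else {
            element.getParentNode().removeChild(element);
        }
    }

    /**
     * Collapses indentation-style text nodes below {@code node}, recursively.
     * <p>
     * Every text node whose data starts with a newline followed by another newline or a
     * space is replaced by a single {@code "\n"}. Note that this discards any further
     * content of such a node, not only whitespace, so it must only be applied to subtrees
     * where text nodes with that prefix are known to be pure layout.
     *
     * @param node the root of the subtree to normalize; modified in place
     */
    public static void normalize(Node node) {
        if (node.getNodeType() == Node.TEXT_NODE) {
            Text text = (Text) node;
            String data = text.getData();
            if (data.length() > 1 && data.charAt(0) == '\n' && (data.charAt(1) == '\n' || data.charAt(1) == ' ')) {
                text.setData("\n");
            }
        }
        // Only text data is rewritten, never structure, so sibling traversal stays valid.
        for (Node child = node.getFirstChild(); child != null; child = child.getNextSibling()) {
            normalize(child);
        }
    }

    /**
     * Pre-Java-5 replacement for a class literal (decompiler artifact).
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$org$globus$ogsa$impl$security$authentication$wssec$WSSecurityEngine == null) {
            cls = class$("org.globus.ogsa.impl.security.authentication.wssec.WSSecurityEngine");
            class$org$globus$ogsa$impl$security$authentication$wssec$WSSecurityEngine = cls;
        } else {
            cls = class$org$globus$ogsa$impl$security$authentication$wssec$WSSecurityEngine;
        }
        log = LogFactory.getLog(cls.getName());
        // Apache XML Security must be initialized before any signature/encryption object is built.
        Init.init();
    }
}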
