package org.globus.wsrf.impl.security.authorization;

import javax.security.auth.Subject;
import org.apache.axis.AxisFault;
import org.apache.axis.MessageContext;
import org.apache.axis.handlers.BasicHandler;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.wsrf.Resource;
import org.globus.wsrf.ResourceContext;
import org.globus.wsrf.ResourceContextException;
import org.globus.wsrf.ResourceException;
import org.globus.wsrf.config.ConfigException;
import org.globus.wsrf.impl.security.authentication.Constants;
import org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException;
import org.globus.wsrf.impl.security.descriptor.ContainerSecurityConfig;
import org.globus.wsrf.impl.security.descriptor.SecureResourcePropertiesHelper;
import org.globus.wsrf.impl.security.descriptor.SecurityDescriptor;
import org.globus.wsrf.impl.security.descriptor.SecurityPropertiesHelper;
import org.globus.wsrf.impl.security.descriptor.ServiceSecurityConfig;
import org.globus.wsrf.impl.security.util.AuthUtil;
import org.globus.wsrf.impl.security.util.PDPUtils;
import org.globus.wsrf.utils.ContextUtils;

/* loaded from: input_file:org/globus/wsrf/impl/security/authorization/AuthorizationHandler.class */
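/**
 * Axis handler that runs the configured authorization chain for the
 * authenticated peer of an incoming message.
 *
 * <p>The chain is resolved from the narrowest scope to the widest: the target
 * resource's security descriptor, then the service's descriptor (looked up by
 * target service path), then the container's descriptor. When a descriptor is
 * in effect but configures no chain, a default chain is built (see
 * {@link #getDefaultAuthzChain(String, Resource)}).
 *
 * <p>Security-relevant behaviour: this handler makes <em>no</em> authorization
 * decision, and lets the message through, when no peer subject is present,
 * when no target service path can be determined, when
 * {@code Constants.AUTHZ_REQUIRED} is {@code Boolean.FALSE}, or when no
 * security descriptor is in effect after all three lookups. Each of those
 * exits is logged at debug level only.
 */
public class AuthorizationHandler extends BasicHandler {
    private static Log logger;

    // Compiler-generated class-literal cache (pre-Java-5 idiom). The field and
    // the class$ helper are kept unchanged in name and type so that any
    // existing reference to them still resolves.
    static Class class$org$globus$wsrf$impl$security$authorization$AuthorizationHandler;

    /**
     * Authorizes the peer subject of {@code messageContext} against the
     * authorization chain that applies to the target resource or service.
     *
     * @param messageContext the Axis message context of the current request
     * @throws AxisFault if reading the security configuration fails
     *         ({@code ConfigException}) or the chain denies access
     *         ({@code AuthorizationException}); both are wrapped with
     *         {@code AxisFault.makeFault}
     */
    public void invoke(MessageContext messageContext) throws AxisFault {
        logger.debug("Authorization");

        // NOTE(review): an absent peer subject skips authorization entirely.
        // Presumably an earlier handler rejects unauthenticated calls where
        // authentication is mandatory -- confirm against the handler chain.
        Subject subject = (Subject) messageContext.getProperty(Constants.PEER_SUBJECT);
        if (subject == null) {
            logger.debug("No authenticaiton done, so no authz");
            return;
        }

        String targetServicePath = ContextUtils.getTargetServicePath(messageContext);
        if (targetServicePath == null) {
            return;
        }
        logger.debug("Service path " + targetServicePath);

        // Only an explicit FALSE disables authorization; an unset property
        // falls through to the descriptor lookup below.
        Boolean authzRequired = (Boolean) messageContext.getProperty(Constants.AUTHZ_REQUIRED);
        if (authzRequired != null && authzRequired.equals(Boolean.FALSE)) {
            logger.debug("Authz not required, since auth not enforced");
            return;
        }

        // A failed resource lookup is treated as "no resource": the service
        // and container settings are used instead.
        Resource resource;
        try {
            resource = ResourceContext.getResourceContext(messageContext).getResource();
        } catch (ResourceContextException e) {
            resource = null;
            logger.debug("Error getting resource/may not exist", e);
        } catch (ResourceException e) {
            resource = null;
            logger.debug("Error getting resource/may not exist", e);
        }
        logger.debug("Resource is null: " + (resource == null));

        ServiceAuthorizationChain authzChain = null;
        SecurityDescriptor descriptor = null;

        // 1. Resource-level descriptor and chain.
        if (resource != null) {
            descriptor = SecureResourcePropertiesHelper.getResourceSecDescriptor(resource);
            if (descriptor != null) {
                try {
                    authzChain = SecureResourcePropertiesHelper.getAuthzChain(resource);
                } catch (ConfigException e) {
                    throw AxisFault.makeFault(e);
                }
            }
        }
        logger.debug("Sec desc after resource is " + (descriptor != null));

        // 2. Service-level descriptor.
        // NOTE(review): this assignment replaces a non-null resource
        // descriptor that had no chain. If the service and container lookups
        // then yield no descriptor, the request takes the "Insecure setting"
        // exit below even though the resource was secured -- confirm that
        // this precedence is intended.
        if (authzChain == null) {
            try {
                descriptor = ServiceSecurityConfig.getSecurityDescriptor(targetServicePath);
                if (descriptor != null) {
                    authzChain = descriptor.getAuthzChain();
                }
            } catch (ConfigException e) {
                throw AxisFault.makeFault(e);
            }
        }
        logger.debug("Sec desc after service is " + (descriptor != null));

        // 3. Container-level descriptor.
        if (authzChain == null) {
            try {
                ContainerSecurityConfig config = ContainerSecurityConfig.getConfig();
                descriptor = config.getSecurityDescriptor();
                if (descriptor != null) {
                    authzChain = descriptor.getAuthzChain();
                }
                // No chain and no descriptor file configured: the container
                // is treated as insecure and the descriptor is discarded.
                if (authzChain == null && config.getSecurityDescriptorFile() == null) {
                    logger.debug("Insecure container");
                    descriptor = null;
                }
            } catch (ConfigException e) {
                throw AxisFault.makeFault(e);
            }
        }
        logger.debug("Sec desc after container is " + (descriptor != null));

        // No descriptor in effect: the message passes without an
        // authorization decision.
        if (descriptor == null) {
            logger.debug("Insecure setting, return");
            return;
        }

        // A descriptor is in effect but names no chain: use the default PDP.
        if (authzChain == null) {
            logger.debug("Sec desc is present, default authz chain");
            try {
                authzChain = PDPUtils.getServiceAuthzChain(
                        getDefaultAuthzChain(targetServicePath, resource), targetServicePath);
            } catch (ConfigException e) {
                throw AxisFault.makeFault(e);
            }
        }

        logger.debug("Invoking authorize on authz chain");
        try {
            authzChain.authorize(subject, (javax.xml.rpc.handler.MessageContext) messageContext, targetServicePath);
        } catch (AuthorizationException e) {
            throw AxisFault.makeFault(e);
        }
    }

    /**
     * Chooses the PDP name used when a security descriptor configures no
     * authorization chain: the "gridmap" PDP when a gridmap is present for the
     * service or resource, otherwise the self-authorization PDP.
     *
     * <p>A {@code ConfigException} from the gridmap check is treated as
     * "no gridmap". The failure is logged as a warning so that a broken
     * gridmap configuration does not change the effective PDP unnoticed.
     *
     * @param str the target service path
     * @param resource the target resource, or {@code null} when none was resolved
     * @return the PDP name to build the default chain from
     */
    private String getDefaultAuthzChain(String str, Resource resource) {
        boolean gridMapConfigured;
        try {
            gridMapConfigured = SecurityPropertiesHelper.gridMapPresent(str, resource);
        } catch (ConfigException e) {
            logger.warn("Could not determine whether a gridmap is configured for " + str
                    + "; falling back to self authorization", e);
            gridMapConfigured = false;
        }
        return gridMapConfigured
                ? AuthUtil.getPDPName("gridmap")
                : AuthUtil.getPDPName(Authorization.AUTHZ_SELF);
    }

    /**
     * Compiler-generated helper that resolves a class by name for the
     * class-literal cache.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the original
     *         {@code ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // NoClassDefFoundError has no cause-taking constructor, so the
            // cause is attached explicitly to keep the original stack trace.
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }

    // Initializes the logger under this class's fully qualified name, going
    // through the class-literal cache above.
    static {
        Class cls;
        if (class$org$globus$wsrf$impl$security$authorization$AuthorizationHandler == null) {
            cls = class$("org.globus.wsrf.impl.security.authorization.AuthorizationHandler");
            class$org$globus$wsrf$impl$security$authorization$AuthorizationHandler = cls;
        } else {
            cls = class$org$globus$wsrf$impl$security$authorization$AuthorizationHandler;
        }
        logger = LogFactory.getLog(cls.getName());
    }
}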
