package org.globus.ogsa.impl.security.authentication.wssec;

import java.security.cert.X509Certificate;
import javax.security.auth.Subject;
import javax.xml.rpc.handler.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.signature.XMLSignature;
import org.globus.gsi.gssapi.GSSConstants;
import org.globus.gsi.jaas.GlobusPrincipal;
import org.globus.gsi.proxy.ProxyPathValidator;
import org.globus.gsi.proxy.ProxyPolicyHandler;
import org.globus.ogsa.ServiceProperties;
import org.globus.ogsa.impl.security.Constants;
import org.globus.ogsa.impl.security.authentication.ContextManager;
import org.globus.ogsa.impl.security.authentication.GSSEncryptedData;
import org.globus.ogsa.impl.security.authentication.GssXMLSignature;
import org.globus.ogsa.impl.security.authentication.SecContext;
import org.globus.ogsa.impl.security.authentication.SecureServicePropertiesHelper;
import org.globus.ogsa.impl.security.descriptor.SecurityDescriptor;
import org.globus.ogsa.repository.ServiceActivationException;
import org.globus.ogsa.repository.ServiceNode;
import org.gridforum.jgss.ExtendedGSSContext;
import org.gridforum.ogsi.NoSuchServiceFaultType;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSName;

/* loaded from: input_file:org/globus/ogsa/impl/security/authentication/wssec/WSSecurityRequestEngine.class */
/**
 * Request-side WS-Security engine.
 *
 * <p>For each incoming message it looks up the target service named in the Axis message
 * context, resolves that service's GSS security context or security descriptor, and then
 * verifies signatures or decrypts content against it. After a GSS operation succeeds, the
 * peer identity, certificate chain and any delegated credential are copied onto the JAAS
 * {@link Subject} obtained from {@code getSubject(MessageContext)}.
 *
 * <p>The instance is a lazily created singleton; use {@link #getEngine()}.
 */
public class WSSecurityRequestEngine extends WSSecurityEngine {
    private static Log log;
    private static WSSecurityEngine engine;
    // Compiler-generated cache for the class literal (pre-Java 5 bytecode idiom).
    static Class class$org$globus$ogsa$impl$security$authentication$wssec$WSSecurityRequestEngine;

    /**
     * Returns the shared engine, creating it on first use.
     *
     * <p>The method is {@code synchronized}, so concurrent first callers cannot create two
     * instances.
     *
     * @return the singleton request engine
     */
    public static synchronized WSSecurityEngine getEngine() {
        if (engine != null) {
            return engine;
        }
        engine = new WSSecurityRequestEngine();
        return engine;
    }

    /**
     * Verifies a GSS-based XML signature against the security context it names.
     *
     * <p>This method always returns {@code false} once verification has completed without
     * an exception, so the return value is not a verification verdict here. It presumably
     * tells the caller whether the message was rewritten; confirm against
     * {@code WSSecurityEngine}.
     *
     * @param gssXMLSignature the signature element to verify
     * @param messageContext the message being processed; must be an Axis message context
     * @return always {@code false}
     * @throws WSSecurityException if no security context is registered under the signature's
     *     context id
     * @throws Exception if context lookup, verification or subject population fails
     */
    @Override
    public boolean verifyGssXMLSignature(GssXMLSignature gssXMLSignature, MessageContext messageContext) throws Exception {
        log.debug("Enter: verifyGssXMLSignature");
        final String contextId = gssXMLSignature.getKeyInfoContextId();
        // NOTE(review): the id is read from the signature's key info and logged verbatim; if it
        // is caller-supplied, consider neutralising control characters before logging.
        log.debug("context id: " + contextId);
        final SecContext secContext = getContext((org.apache.axis.MessageContext) messageContext, contextId);
        if (secContext == null) {
            throw new WSSecurityException(0, "noContext", new Object[]{contextId});
        }
        // NOTE(review): any value returned by verify() is not inspected here. Confirm that it
        // reports a bad signature by throwing, otherwise a failed check would go unnoticed.
        gssXMLSignature.verify(secContext.getContext());
        // The peer identity is attached only after verify() has returned normally.
        setContextProperties(messageContext, secContext, Constants.SIGNATURE);
        log.debug("Exit: verifyGssXMLSignature");
        return false;
    }

    /**
     * Decrypts GSS-encrypted content in place using the security context it names.
     *
     * @param gSSEncryptedData the encrypted element; it is decrypted and replaced
     * @param messageContext the message being processed; must be an Axis message context
     * @return always {@code true}
     * @throws WSSecurityException if no security context is registered under the element's
     *     context id
     * @throws Exception if context lookup, decryption or subject population fails
     */
    @Override
    public boolean decryptGssXMLEncryption(GSSEncryptedData gSSEncryptedData, MessageContext messageContext) throws Exception {
        log.debug("Enter: decryptGssXMLEncryption");
        final String contextId = gSSEncryptedData.getKeyInfoContextId();
        log.debug("context id: " + contextId);
        final SecContext secContext = getContext((org.apache.axis.MessageContext) messageContext, contextId);
        if (secContext == null) {
            throw new WSSecurityException(0, "noContext", new Object[]{contextId});
        }
        gSSEncryptedData.decryptAndReplace(secContext.getContext());
        setContextProperties(messageContext, secContext, Constants.ENCRYPTION);
        log.debug("Exit: decryptGssXMLEncryption");
        return true;
    }

    /**
     * Looks up the GRIM proxy policy handler configured for the target service.
     *
     * <p>The target service is activated as part of the lookup. NOTE(review): if this runs
     * before the request's signature has been accepted, an unverified request can trigger
     * activation; confirm the call order in {@code WSSecurityEngine}.
     *
     * @param xMLSignature not used by this implementation
     * @param messageContext the message being processed; must be an Axis message context
     * @return the handler, or {@code null} when the service cannot be resolved or its
     *     activation fails
     * @throws Exception if resolution or the handler lookup fails for another reason
     */
    @Override
    protected ProxyPolicyHandler getGrimProxyHandler(XMLSignature xMLSignature, MessageContext messageContext) throws Exception {
        final String serviceName = ((org.apache.axis.MessageContext) messageContext).getTargetService();
        final ServiceNode root = ServiceNode.getRootNode();
        final ServiceProperties resolved = (ServiceProperties) root.resolve(serviceName);
        if (resolved == null) {
            return null;
        }
        try {
            final ServiceProperties activated = (ServiceProperties) root.activate(serviceName);
            return SecureServicePropertiesHelper.getGrimProxyPolicyHandler(activated);
        } catch (ServiceActivationException e) {
            // Activation failure is reported only at debug level and is turned into
            // "no handler" for the caller.
            log.debug("Service activation failed", e);
            return null;
        }
    }

    /**
     * Fetches the security context registered under {@code str} for the target service.
     *
     * @param messageContext the Axis message context naming the target service
     * @param str the security context id
     * @return the context, or {@code null} when the service has no context manager or the
     *     manager returns none for this id
     * @throws Exception if the target service cannot be resolved
     */
    private SecContext getContext(org.apache.axis.MessageContext messageContext, String str) throws Exception {
        final ServiceProperties properties = getServiceProperties(messageContext);
        final ContextManager manager = SecureServicePropertiesHelper.getContextManager(properties);
        return manager == null ? null : manager.get(str);
    }

    /**
     * Resolves the properties of the service the message is addressed to.
     *
     * @param messageContext the Axis message context naming the target service
     * @return the resolved service properties, never {@code null}
     * @throws NoSuchServiceFaultType if the target service does not resolve
     * @throws Exception if resolution itself fails
     */
    private ServiceProperties getServiceProperties(org.apache.axis.MessageContext messageContext) throws Exception {
        final String serviceName = messageContext.getTargetService();
        final ServiceProperties properties = (ServiceProperties) ServiceNode.getRootNode().resolve(serviceName);
        if (properties != null) {
            return properties;
        }
        throw new NoSuchServiceFaultType();
    }

    /**
     * Records the security context on the message and copies the peer's identity onto the
     * message's JAAS subject.
     *
     * <p>The two message properties are set unconditionally. If the peer is anonymous the
     * method returns there, leaving the subject without a principal or credentials from this
     * context. Code that consumes the subject should treat a missing principal as
     * unauthenticated.
     *
     * @param messageContext the message being processed
     * @param secContext the security context that protected the message
     * @param num the protection type marker stored under the message-type property
     * @throws Exception if the GSS context cannot be queried
     */
    private void setContextProperties(MessageContext messageContext, SecContext secContext, Integer num) throws Exception {
        messageContext.setProperty(org.globus.ogsa.impl.security.authentication.Constants.CONTEXT, secContext);
        messageContext.setProperty("org.globus.security.secConv.msg.type", num);
        final Subject subject = getSubject(messageContext);
        final ExtendedGSSContext gssContext = secContext.getContext();
        final GSSName peer = gssContext.getSrcName();
        if (peer.isAnonymous()) {
            return;
        }
        final String peerName = peer.toString();
        final GSSCredential delegated = gssContext.getDelegCred();
        // gssContext has already been dereferenced above, so it is known to be non-null here.
        final X509Certificate[] chain = (X509Certificate[]) gssContext.inquireByOid(GSSConstants.X509_CERT_CHAIN);
        if (chain != null) {
            // The chain is stored as one array element, not as individual certificates.
            subject.getPublicCredentials().add(chain);
        }
        subject.getPrincipals().add(new GlobusPrincipal(peerName));
        if (delegated != null) {
            // A delegated credential lets the holder act as the peer, so it is stored with the
            // subject's private credentials.
            subject.getPrivateCredentials().add(delegated);
        }
    }

    /**
     * Verifies an XML signature with a proxy path validator configured from the target
     * service's security descriptor.
     *
     * <p>Limited-proxy rejection is switched on only when the service has a descriptor and
     * that descriptor requests it. Otherwise the validator keeps its default setting.
     *
     * @param xMLSignature the signature to verify
     * @param messageContext the message being processed; must be an Axis message context
     * @return the result of the three-argument {@code verifyXMLSignature} overload
     * @throws Exception if the target service cannot be resolved or verification fails
     */
    @Override
    public boolean verifyXMLSignature(XMLSignature xMLSignature, MessageContext messageContext) throws Exception {
        final ProxyPathValidator validator = new ProxyPathValidator();
        final ServiceProperties properties = getServiceProperties((org.apache.axis.MessageContext) messageContext);
        final SecurityDescriptor descriptor = SecureServicePropertiesHelper.getSecurityDescriptor(properties);
        final boolean rejectLimited = descriptor != null && descriptor.getRejectLimitedProxyState();
        if (rejectLimited) {
            log.debug("Reject Limited Proxy is true");
            validator.setRejectLimitedProxyCheck(true);
        }
        return verifyXMLSignature(xMLSignature, messageContext, validator);
    }

    /**
     * Compiler-generated helper that loads a class by name for a class literal.
     *
     * @param str the fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; only the message of the
     *     original exception is carried over
     */
    static Class class$(String str) {
        final Class loaded;
        try {
            loaded = Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
        return loaded;
    }

    static {
        // Resolve the class literal once, cache it, and name the logger after this class.
        Class self = class$org$globus$ogsa$impl$security$authentication$wssec$WSSecurityRequestEngine;
        if (self == null) {
            self = class$("org.globus.ogsa.impl.security.authentication.wssec.WSSecurityRequestEngine");
            class$org$globus$ogsa$impl$security$authentication$wssec$WSSecurityRequestEngine = self;
        }
        log = LogFactory.getLog(self.getName());
    }
}
