package org.globus.ogsa.impl.security;

import java.security.Principal;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.axis.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.gsi.jaas.JaasSubject;
import org.globus.ogsa.GridContext;
import org.globus.ogsa.ServiceProperties;
import org.globus.ogsa.impl.security.authentication.SecureServicePropertiesHelper;
import org.globus.ogsa.impl.security.descriptor.ContainerSecurityConfig;
import org.globus.ogsa.impl.security.descriptor.SecurityConfig;
import org.globus.security.gridmap.GridMap;
import org.globus.util.I18n;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;

/* loaded from: input_file:org/globus/ogsa/impl/security/SecurityManager.class */
/**
 * Process-wide entry point for looking up the subjects (credentials) a
 * service runs with, identifying the remote caller of the current request,
 * and recording which identities are authorized on a service's grid map.
 *
 * <p>This source is decompiler output: the {@code class$...} fields and the
 * {@link #class$(String)} helper are the compiler's expansion of class
 * literals and are kept as-is.
 *
 * <p>NOTE(review): the simple name shadows {@code java.lang.SecurityManager}
 * inside this package. {@code SecurityException} is presumably the type
 * declared in this package rather than {@code java.lang.SecurityException}
 * (no import is visible here) - confirm before changing any throws clause.
 */
public class SecurityManager {
    private static Log logger;
    private static I18n i18n;
    private static SecurityManager manager;
    static Class class$org$globus$ogsa$impl$security$SecurityManager;
    static Class class$org$globus$gsi$jaas$GlobusPrincipal;

    static {
        // Resolve this class once and use it for both the logger name and the
        // class loader that locates the message bundle.
        Class self = class$org$globus$ogsa$impl$security$SecurityManager;
        if (self == null) {
            self = class$("org.globus.ogsa.impl.security.SecurityManager");
            class$org$globus$ogsa$impl$security$SecurityManager = self;
        }
        logger = LogFactory.getLog(self.getName());
        i18n = I18n.getI18n("org.globus.ogsa.impl.security.resource", self.getClassLoader());
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * @return the single {@code SecurityManager} for this class loader
     */
    public static synchronized SecurityManager getManager() {
        if (manager != null) {
            return manager;
        }
        manager = new SecurityManager();
        return manager;
    }

    /**
     * Returns the container-level subject from {@code ContainerSecurityConfig}.
     *
     * @return the container subject
     * @throws SecurityException if the configuration lookup fails for any
     *         reason; the underlying exception is written to the log but is
     *         not chained onto the thrown exception
     */
    public Subject getSystemSubject() throws SecurityException {
        Subject containerSubject;
        try {
            containerSubject = ContainerSecurityConfig.getConfig().getSubject();
        } catch (Exception e) {
            String failure = i18n.getMessage("failContainerCred");
            logger.error(failure, e);
            throw new SecurityException(failure);
        }
        return containerSubject;
    }

    /**
     * Refreshes the service's security configuration and returns the subject
     * stored on its properties.
     *
     * <p>A failed refresh is logged and otherwise ignored, so the caller gets
     * whatever subject the helper currently holds.
     * NOTE(review): callers cannot tell a refreshed subject from one returned
     * after a failed refresh - confirm that is acceptable for credential
     * rotation and expiry handling.
     *
     * @param serviceProperties properties of the service being queried
     * @return the subject stored for the service, as returned by the helper
     */
    public Subject getServiceSubject(ServiceProperties serviceProperties) {
        try {
            SecurityConfig.refresh(serviceProperties);
        } catch (Exception refreshFailure) {
            // Deliberately best-effort: fall through to the stored subject.
            logger.error("Failed to refresh service subject", refreshFailure);
        }
        Subject stored = SecureServicePropertiesHelper.getSubject(serviceProperties);
        return stored;
    }

    /**
     * Returns the service's own subject, or the container subject when the
     * service has none.
     *
     * <p>The fallback means a service without its own subject is handed the
     * container's; keep that in mind when reasoning about which credentials
     * a service can use.
     *
     * @param serviceProperties properties of the service being queried
     * @return the service subject if non-null, otherwise the container subject
     * @throws SecurityException if the fallback to the container subject fails
     */
    public Subject getSubject(ServiceProperties serviceProperties) throws SecurityException {
        Subject own = getServiceSubject(serviceProperties);
        if (own != null) {
            return own;
        }
        return getSystemSubject();
    }

    /**
     * Returns the name of the caller principal for the current request.
     *
     * @return the principal's name, or {@code null} when no caller principal
     *         is available
     */
    public String getCaller() {
        Principal caller = getCallerPrincipal();
        return caller == null ? null : caller.getName();
    }

    /**
     * Returns a principal of the peer subject attached to the current Axis
     * message context.
     *
     * <p>The peer subject is read from the {@code PEER_SUBJECT} property and
     * the first principal produced by the set's iterator is returned.
     * NOTE(review): if a peer subject can carry more than one principal, the
     * one returned depends on the set's iteration order; code that makes
     * authorization decisions on this value should confirm the subject holds
     * a single identity.
     *
     * @return the first principal of the peer subject, or {@code null} when
     *         there is no current context, no peer subject, or no principals
     */
    public Principal getCallerPrincipal() {
        MessageContext ctx = MessageContext.getCurrentContext();
        if (ctx == null) {
            return null;
        }
        Subject peer = (Subject) ctx.getProperty(org.globus.ogsa.impl.security.authentication.Constants.PEER_SUBJECT);
        if (peer == null) {
            return null;
        }
        Set<Principal> identities = peer.getPrincipals();
        if (identities == null || identities.isEmpty()) {
            return null;
        }
        return identities.iterator().next();
    }

    /**
     * Makes the subject of the current JAAS context the owner of the service.
     *
     * <p>The subject is marked read-only, stored on the service properties,
     * and the name of each of its {@code GlobusPrincipal}s is added to the
     * service's grid map through {@link #addAuthorizedUser(ServiceProperties, String)}.
     *
     * @param serviceProperties properties of the service receiving the owner
     * @return the current subject, now read-only
     * @throws SecurityException if there is no current subject or it carries
     *         no private credentials
     */
    public Subject setServiceOwnerFromContext(ServiceProperties serviceProperties) throws SecurityException {
        Subject owner = JaasSubject.getCurrentSubject();
        if (owner == null) {
            throw new SecurityException(i18n.getMessage("noSubject"));
        }
        Set<Object> secrets = owner.getPrivateCredentials();
        if (secrets == null || secrets.isEmpty()) {
            throw new SecurityException(i18n.getMessage("noPrivateCred"));
        }

        // Freeze the subject before it is shared through the service properties.
        owner.setReadOnly();
        SecureServicePropertiesHelper.setSubject(serviceProperties, owner);

        // Decompiled class-literal lookup: resolve and cache GlobusPrincipal.
        Class principalType = class$org$globus$gsi$jaas$GlobusPrincipal;
        if (principalType == null) {
            principalType = class$("org.globus.gsi.jaas.GlobusPrincipal");
            class$org$globus$gsi$jaas$GlobusPrincipal = principalType;
        }

        Set owners = owner.getPrincipals(principalType);
        if (owners == null || owners.isEmpty()) {
            return owner;
        }
        for (Iterator cursor = owners.iterator(); cursor.hasNext();) {
            Principal identity = (Principal) cursor.next();
            addAuthorizedUser(serviceProperties, identity.getName());
        }
        return owner;
    }

    /**
     * Same as {@link #setServiceOwnerFromContext(ServiceProperties)}; the
     * {@code gridContext} argument is not used.
     *
     * @param serviceProperties properties of the service receiving the owner
     * @param gridContext ignored
     * @return the current subject, now read-only
     * @throws SecurityException if there is no current subject or it carries
     *         no private credentials
     */
    public Subject setServiceOwnerFromContext(ServiceProperties serviceProperties, GridContext gridContext) throws SecurityException {
        return setServiceOwnerFromContext(serviceProperties);
    }

    /**
     * Authorizes the identity named by a GSS credential on the service's
     * grid map.
     *
     * @param serviceProperties properties of the service whose grid map is updated
     * @param gSSCredential credential whose name is added; must not be null
     * @throws IllegalArgumentException if {@code gSSCredential} is null
     * @throws SecurityException if the credential's name cannot be read
     */
    public void addAuthorizedUser(ServiceProperties serviceProperties, GSSCredential gSSCredential) throws SecurityException {
        if (gSSCredential == null) {
            throw new IllegalArgumentException("cred == null");
        }
        String identity;
        try {
            identity = gSSCredential.getName().toString();
        } catch (GSSException e) {
            throw new SecurityException((Exception) e);
        }
        addAuthorizedUser(serviceProperties, identity);
    }

    /**
     * Authorizes an identity on the service's grid map, creating and storing
     * a new grid map when the service has none.
     *
     * <p>The identity is mapped to the value of the {@code user.name} system
     * property. The identity string is also written to the debug log.
     * NOTE(review): only null is rejected; an empty or otherwise malformed
     * identity is passed to the grid map unchanged - confirm the callers
     * always supply a validated name.
     *
     * @param serviceProperties properties of the service whose grid map is updated
     * @param str identity to authorize; must not be null
     * @throws IllegalArgumentException if {@code str} is null
     */
    public void addAuthorizedUser(ServiceProperties serviceProperties, String str) throws SecurityException {
        if (str == null) {
            throw new IllegalArgumentException("userId == null");
        }
        GridMap authorized = SecureServicePropertiesHelper.getGridMap(serviceProperties);
        if (authorized == null) {
            authorized = new GridMap();
            SecureServicePropertiesHelper.setGridMap(serviceProperties, authorized);
        }
        logger.debug("Setting service owner : " + str);
        String localAccount = System.getProperty("user.name");
        authorized.map(str, localAccount);
    }

    /**
     * Compiler-generated helper behind class literals: loads a class by name
     * and converts a missing class into {@code NoClassDefFoundError}.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        Class resolved;
        try {
            resolved = Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
        return resolved;
    }
}
