package xsul.xhandler.client;

import java.security.cert.X509Certificate;
import java.util.Iterator;
import org.globus.gsi.GlobusCredential;
import org.xmlpull.v1.builder.XmlElement;
import org.xmlpull.v1.builder.XmlInfosetBuilder;
import org.xmlpull.v1.builder.XmlNamespace;
import xsul.MLogger;
import xsul.XmlConstants;
import xsul.dsig.saml.authorization.Capability;
import xsul.dsig.saml.authorization.CapabilityEnforcer;
import xsul.dsig.saml.authorization.CapabilityException;
import xsul.dsig.saml.authorization.CapabilityUtil;
import xsul.invoker.DynamicInfosetInvokerException;
import xsul.message_router.MessageContext;
import xsul.wsdl.WsdlUtil;
import xsul.xhandler.BaseHandler;
import xsul.xhandler.MCtxConstants;
import xsul.xhandler.XHandlerContext;
import xsul.xhandler.exception.CapabilityConfigurationException;
import xsul.xpola.XpolaFactory;
import xsul.xpola.capman.CapabilityManager;

/* loaded from: input_file:xsul/xhandler/client/ClientCapabilityHandler.class */
public class ClientCapabilityHandler extends BaseHandler {
    private static final MLogger logger = MLogger.getLogger();
    private static final XmlInfosetBuilder builder = XmlConstants.BUILDER;
    private GlobusCredential credential;
    private X509Certificate[] trustedCerts;
    private String capmanLoc;
    private String svcLoc;
    private Capability cap;

    public ClientCapabilityHandler(String str, Capability capability) {
        super(str);
        this.cap = capability;
        this.svcLoc = capability.getResource();
        try {
            this.credential = GlobusCredential.getDefaultCredential();
            this.trustedCerts = CapabilityUtil.getTrustedCertificates(null).getCertificates();
        } catch (Exception e) {
        }
    }

    public ClientCapabilityHandler(String str, GlobusCredential globusCredential, X509Certificate[] x509CertificateArr, Capability capability) {
        super(str);
        this.credential = globusCredential;
        this.trustedCerts = x509CertificateArr;
        this.cap = capability;
        this.svcLoc = capability.getResource();
    }

    public ClientCapabilityHandler(String str, String str2, String str3) {
        super(str);
        this.capmanLoc = str3;
        int indexOf = str2.indexOf(63);
        if (indexOf > 0) {
            this.svcLoc = str2.substring(0, indexOf);
        } else {
            this.svcLoc = str2;
        }
        try {
            this.credential = GlobusCredential.getDefaultCredential();
            this.trustedCerts = CapabilityUtil.getTrustedCertificates(null).getCertificates();
        } catch (Exception e) {
        }
    }

    public ClientCapabilityHandler(String str, GlobusCredential globusCredential, X509Certificate[] x509CertificateArr, String str2, String str3) {
        super(str);
        this.credential = globusCredential;
        this.trustedCerts = x509CertificateArr;
        this.capmanLoc = str3;
        int indexOf = str2.indexOf(63);
        if (indexOf > 0) {
            this.svcLoc = str2.substring(0, indexOf);
        } else {
            this.svcLoc = str2;
        }
    }

    public void setCapmanLoc(String str) {
        this.capmanLoc = str;
    }

    public void setCap(Capability capability) {
        this.cap = capability;
    }

    public void setCredential(GlobusCredential globusCredential) {
        this.credential = globusCredential;
    }

    public void setTrustedCerts(X509Certificate[] x509CertificateArr) {
        this.trustedCerts = x509CertificateArr;
    }

    @Override // xsul.xhandler.BaseHandler, xsul.xhandler.XHandler
    public void init(XHandlerContext xHandlerContext) {
        super.init(xHandlerContext);
        boolean z = false;
        boolean z2 = false;
        Iterator it = xHandlerContext.getWsdlPort().elements(WsdlUtil.WSDL_SOAP12_NS, WsdlUtil.FEATURE_EL).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            String attributeValue = ((XmlElement) it.next()).getAttributeValue((String) null, WsdlUtil.URI_ATTR);
            if (MCtxConstants.FEATURE_SIGNATURE.equals(attributeValue)) {
                logger.config("signaure attr existed");
                z = true;
            } else if (MCtxConstants.FEATURE_CAPABILITY.equals(attributeValue)) {
                logger.config("capability attr existed");
                z2 = true;
            }
            if (z && z2) {
                setHandlerDisabled(false);
                break;
            }
        }
        if (!z && z2) {
            throw new CapabilityConfigurationException("server wsdl configuration missing signature handler");
        }
        logger.finest("handlerDisabled=" + isHandlerDisabled());
    }

    @Override // xsul.xhandler.BaseHandler
    public boolean processOutgoingXml(XmlElement xmlElement, MessageContext messageContext) throws DynamicInfosetInvokerException {
        if (messageContext.element(MCtxConstants.NS, MCtxConstants.SIGNED) != null) {
            throw new DynamicInfosetInvokerException("Signature handler should be after capability handler.");
        }
        if (!needCap(messageContext)) {
            return false;
        }
        if (this.cap == null) {
            getCapability();
        }
        try {
            String canonicalizeSubject = CapabilityUtil.canonicalizeSubject(this.credential.getSubject());
            logger.finest("subject: " + canonicalizeSubject);
            messageContext.setOutgoingMessage((XmlElement) CapabilityEnforcer.newInstance(this.cap, canonicalizeSubject).addCapability(xmlElement.getParent()).getDocumentElement().element((XmlNamespace) null, "Body").requiredElementContent().iterator().next());
            messageContext.addElement(MCtxConstants.NS, MCtxConstants.CAPENFORCED);
            return false;
        } catch (CapabilityException e) {
            throw new DynamicInfosetInvokerException("could not add capability token", e);
        }
    }

    @Override // xsul.xhandler.BaseHandler
    public boolean processIncomingXml(XmlElement xmlElement, MessageContext messageContext) throws DynamicInfosetInvokerException {
        return false;
    }

    private void getCapability() throws CapabilityException {
        try {
            logger.finest("Using WSDL " + CapabilityManager.class.getResource("capman.wsdl").toString());
            String capability = XpolaFactory.getCapman(this.capmanLoc).getCapability(this.svcLoc, CapabilityUtil.canonicalizeSubject(this.credential.getSubject()));
            logger.finest(capability.toString());
            this.cap = new Capability(capability);
        } catch (Exception e) {
            throw new CapabilityException("failed to get capability", e);
        }
    }

    private boolean needCap(MessageContext messageContext) {
        return messageContext.element(MCtxConstants.NS, MCtxConstants.NOCAPABILITY) == null && messageContext.element(MCtxConstants.NS, MCtxConstants.CAPENFORCED) == null;
    }
}
