package xsul.xhandler.server;

import java.security.cert.X509Certificate;
import java.util.Iterator;
import org.globus.gsi.GlobusCredential;
import org.xmlpull.v1.builder.XmlElement;
import org.xmlpull.v1.builder.XmlInfosetBuilder;
import xsul.MLogger;
import xsul.XmlConstants;
import xsul.dsig.globus.security.authentication.wssec.WSConstants;
import xsul.dsig.saml.authorization.Capability;
import xsul.dsig.saml.authorization.CapabilityAuthorizer;
import xsul.dsig.saml.authorization.CapabilityException;
import xsul.dsig.saml.authorization.CapabilityUtil;
import xsul.invoker.DynamicInfosetInvokerException;
import xsul.message_router.MessageContext;
import xsul.soap.SoapUtil;
import xsul.soap11_util.Soap11Util;
import xsul.soap12_util.Soap12Util;
import xsul.wsdl.WsdlPort;
import xsul.wsdl.WsdlUtil;
import xsul.xhandler.BaseHandler;
import xsul.xhandler.MCtxConstants;
import xsul.xhandler.XHandlerContext;
import xsul.xhandler.exception.CapabilityConfigurationException;

/* loaded from: input_file:xsul/xhandler/server/ServerCapabilityHandler.class */
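/**
 * Server-side handler that enforces capability-based (SAML assertion) authorization on
 * incoming SOAP messages.
 *
 * <p>For each incoming message that is not exempted by the message context, the handler looks
 * up a {@link CapabilityAuthorizer} for the configured service URI, extracts the SAML
 * {@code Assertion} from the WS-Security header and passes it to the authorizer together with
 * the principal recorded in the message context. Requests without an assertion, or for which
 * the authorizer raises a {@link CapabilityException}, are answered with a SOAP client fault.
 */
public class ServerCapabilityHandler extends BaseHandler {
    private static final MLogger logger = MLogger.getLogger();
    private static final XmlInfosetBuilder builder = XmlConstants.BUILDER;
    // Service credential; its canonicalized subject becomes owner_name.
    private GlobusCredential credential;
    // Stored by both constructors; not read anywhere in this class.
    private X509Certificate[] trustedCerts;
    // Service URI handed to CapabilityAuthorizer.newInstance.
    private String svcurl;
    // Canonicalized subject of the service credential; null if the default credential failed to load.
    private String owner_name;

    /**
     * Creates a handler that uses the default Globus credential and trusted certificates.
     *
     * <p>Loading is best-effort: a failure does not abort construction, so {@code credential},
     * {@code trustedCerts} and {@code owner_name} may be left partially or wholly {@code null}.
     *
     * @param str handler name passed to {@link BaseHandler}
     * @param str2 service URI used to select the capability authorizer
     */
    public ServerCapabilityHandler(String str, String str2) {
        super(str);
        this.svcurl = str2;
        try {
            this.credential = GlobusCredential.getDefaultCredential();
            this.trustedCerts = CapabilityUtil.getTrustedCertificates(null).getCertificates();
            this.owner_name = CapabilityUtil.canonicalizeSubject(this.credential.getSubject());
        } catch (Exception e) {
            // Previously swallowed silently. The handler is still constructed (callers may rely
            // on that), but an authorization handler running without an owner identity must be
            // visible to the operator.
            // NOTE(review): how CapabilityAuthorizer.newInstance treats a null owner is not
            // visible here - confirm that it fails closed.
            logger.config("could not load default credential or trusted certificates;"
                    + " capability owner is unset: " + e);
        }
    }

    /**
     * Creates a handler with an explicit credential and trust anchors.
     *
     * @param str handler name passed to {@link BaseHandler}
     * @param globusCredential service credential; must not be {@code null}
     * @param x509CertificateArr trusted certificates (stored as given, not copied)
     * @param str2 service URI used to select the capability authorizer
     */
    public ServerCapabilityHandler(String str, GlobusCredential globusCredential, X509Certificate[] x509CertificateArr, String str2) {
        super(str);
        this.credential = globusCredential;
        this.trustedCerts = x509CertificateArr;
        this.svcurl = str2;
        this.owner_name = CapabilityUtil.canonicalizeSubject(globusCredential.getSubject());
    }

    /**
     * Verifies that the WSDL port declares the signature feature and advertises the capability
     * feature as required, adding the capability feature element when it is absent.
     *
     * @param xHandlerContext context giving access to the WSDL port
     * @throws CapabilityConfigurationException if the port does not declare the signature feature
     */
    @Override // xsul.xhandler.BaseHandler, xsul.xhandler.XHandler
    public void init(XHandlerContext xHandlerContext) {
        super.init(xHandlerContext);
        boolean hasSignature = false;
        boolean hasCapability = false;
        WsdlPort wsdlPort = xHandlerContext.getWsdlPort();
        for (Iterator it = wsdlPort.elements(WsdlUtil.WSDL_SOAP12_NS, WsdlUtil.FEATURE_EL).iterator(); it.hasNext();) {
            String featureUri = ((XmlElement) it.next()).getAttributeValue(null, WsdlUtil.URI_ATTR);
            if (MCtxConstants.FEATURE_SIGNATURE.equals(featureUri)) {
                logger.config("signaure attr existed");
                hasSignature = true;
            } else if (MCtxConstants.FEATURE_CAPABILITY.equals(featureUri)) {
                logger.config("capability attr existed");
                hasCapability = true;
            }
            if (hasSignature && hasCapability) {
                // Both features already declared: nothing to add.
                return;
            }
        }
        // The capability handler refuses to be configured on a port that does not also declare
        // the signature feature.
        if (!hasSignature) {
            throw new CapabilityConfigurationException("missing signature handler");
        }
        XmlElement capabilityFeature = wsdlPort.addElement(WsdlUtil.WSDL_SOAP12_NS, WsdlUtil.FEATURE_EL);
        capabilityFeature.addAttribute(WsdlUtil.URI_ATTR, MCtxConstants.FEATURE_CAPABILITY);
        capabilityFeature.addAttribute(WsdlUtil.REQUIRED_ATTR, "true");
    }

    /**
     * Outgoing messages are not modified by this handler.
     *
     * @return always {@code false}
     */
    @Override // xsul.xhandler.BaseHandler
    public boolean processOutgoingXml(XmlElement xmlElement, MessageContext messageContext) throws DynamicInfosetInvokerException {
        return false;
    }

    /**
     * Authorizes an incoming SOAP message against the capability carried in its WS-Security
     * header.
     *
     * @param xmlElement the incoming SOAP envelope
     * @param messageContext per-message context; must carry the principal element
     * @return {@code true} if a SOAP client fault was set as the outgoing message (request
     *     rejected), {@code false} if the check was skipped or the authorizer did not object
     * @throws DynamicInfosetInvokerException if the message context carries no principal
     */
    @Override // xsul.xhandler.BaseHandler
    public boolean processIncomingXml(XmlElement xmlElement, MessageContext messageContext) throws DynamicInfosetInvokerException {
        if (!needCapCheck(messageContext)) {
            return false;
        }
        SoapUtil soapUtil = SoapUtil.selectSoapFragrance(xmlElement, new SoapUtil[]{Soap11Util.getInstance(), Soap12Util.getInstance()});
        try {
            // The decompiled source carried an empty "svcurl is null or empty" branch here; it
            // had no effect and is dropped. NOTE(review): it may be the remnant of a fallback
            // for deriving the service URI - confirm against the original sources.
            String serviceUri = this.svcurl;
            logger.finest("service uri: " + serviceUri);
            CapabilityAuthorizer authorizer = CapabilityAuthorizer.newInstance(serviceUri, this.owner_name);
            if (authorizer == null) {
                throw new CapabilityException("No authorizer found");
            }
            XmlElement principalEl = messageContext.element(MCtxConstants.NS, MCtxConstants.PRINCIPAL);
            if (principalEl == null) {
                throw new DynamicInfosetInvokerException("principal null");
            }
            String principal = principalEl.requiredTextContent();
            XmlElement assertion = findAssertion(xmlElement);
            if (assertion == null) {
                logger.finest("capability element null");
                return rejectWithClientFault(soapUtil, messageContext, "unathorized access: capability null");
            }
            // NOTE(review): any value returned by isAuthorized is not inspected; denial is
            // assumed to be signalled by CapabilityException only - confirm against
            // CapabilityAuthorizer.
            authorizer.isAuthorized(principal, new Capability(builder.serializeToString(assertion)), xmlElement);
            return false;
        } catch (CapabilityException e) {
            // NOTE(review): the exception message is echoed to the remote caller inside the
            // fault; check that it cannot carry internal detail.
            return rejectWithClientFault(soapUtil, messageContext, "unathorized access" + e.getMessage());
        }
    }

    /**
     * Locates the SAML assertion inside the envelope's WS-Security header.
     *
     * <p>Each step is null-checked so that a message lacking a SOAP header or a security header
     * is treated as "no capability" and rejected with a client fault, instead of failing with a
     * NullPointerException part-way through the lookup.
     *
     * @return the assertion element, or {@code null} if any element on the path is absent
     */
    private static XmlElement findAssertion(XmlElement envelope) {
        XmlElement header = envelope.element(null, "Header");
        if (header == null) {
            return null;
        }
        XmlElement security = header.element(null, WSConstants.WS_SEC_LN);
        if (security == null) {
            return null;
        }
        return security.element(MCtxConstants.SAML_NS, "Assertion");
    }

    /**
     * Sets a wrapped SOAP client fault with the given reason as the outgoing message.
     *
     * @return always {@code true}, the value processIncomingXml returns for a rejected request
     */
    private static boolean rejectWithClientFault(SoapUtil soapUtil, MessageContext messageContext, String reason) {
        XmlElement fault = soapUtil.generateSoapClientFault(reason, null);
        soapUtil.wrapBodyContent(fault);
        messageContext.setOutgoingMessage(fault);
        return true;
    }

    /**
     * Decides whether the capability check applies to this message: it is skipped when the
     * message context holds either the no-capability-check marker or the already-checked marker.
     *
     * <p>NOTE(review): both markers disable authorization for the message, so they should only
     * ever be set by trusted server-side code, never derived from request content - verify
     * where they are written.
     */
    private boolean needCapCheck(MessageContext messageContext) {
        boolean exempted = messageContext.element(MCtxConstants.NS, MCtxConstants.NOCAPABILITYCHECK) != null;
        if (exempted) {
            return false;
        }
        return messageContext.element(MCtxConstants.NS, MCtxConstants.CAPCHECKED) == null;
    }
}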
