package org.globus.wsrf.impl.security.authentication.wssec;

import java.security.Key;
import java.security.PrivateKey;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.xml.rpc.handler.MessageContext;
import javax.xml.soap.SOAPEnvelope;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.signature.XMLSignature;
import org.globus.gsi.gssapi.GlobusGSSCredentialImpl;
import org.globus.gsi.proxy.ProxyPathValidator;
import org.globus.wsrf.Resource;
import org.globus.wsrf.ResourceContext;
import org.globus.wsrf.ResourceContextException;
import org.globus.wsrf.ResourceException;
import org.globus.wsrf.impl.security.authentication.secureconv.service.SecurityContext;
import org.globus.wsrf.impl.security.descriptor.SecurityPropertiesHelper;
import org.globus.wsrf.providers.GSSPublicKey;
import org.globus.wsrf.security.Constants;
import org.globus.wsrf.security.SecurityManager;
import org.globus.wsrf.utils.ContextUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/wsrf-core-4.0.4.jar:org/globus/wsrf/impl/security/authentication/wssec/WSSecurityRequestEngine.class
 */
/* loaded from: input_file:WEB-INF/lib/ghn-core-runtime-1.0.0.jar:org/globus/wsrf/impl/security/authentication/wssec/WSSecurityRequestEngine.class */
public class WSSecurityRequestEngine extends WSSecurityEngine {
    private static Log log;
    private static WSSecurityEngine engine;
    static Class class$org$globus$wsrf$impl$security$authentication$wssec$WSSecurityRequestEngine;

    public static synchronized WSSecurityEngine getEngine() {
        if (engine == null) {
            engine = new WSSecurityRequestEngine();
        }
        return engine;
    }

    @Override // org.globus.wsrf.impl.security.authentication.wssec.WSSecurityEngine
    public Document processSecurityHeader(SOAPEnvelope sOAPEnvelope, MessageContext messageContext) throws Exception {
        return processSecurityHeader(sOAPEnvelope, messageContext, true);
    }

    @Override // org.globus.wsrf.impl.security.authentication.wssec.WSSecurityEngine
    public boolean verifyXMLSignature(XMLSignature xMLSignature, MessageContext messageContext) throws Exception {
        Resource resource;
        ProxyPathValidator proxyPathValidator = new ProxyPathValidator();
        try {
            resource = ResourceContext.getResourceContext((org.apache.axis.MessageContext) messageContext).getResource();
        } catch (ResourceContextException e) {
            log.debug("Resource does not exist ", e);
            resource = null;
        } catch (ResourceException e2) {
            log.debug("Resource does not exist ", e2);
            resource = null;
        }
        if (Boolean.TRUE.equals(SecurityPropertiesHelper.getRejectLimitedProxyState(ContextUtils.getTargetServicePath((org.apache.axis.MessageContext) messageContext), resource))) {
            log.debug("Reject Limited Proxy is true, service");
            proxyPathValidator.setRejectLimitedProxyCheck(true);
        }
        return verifyXMLSignature(xMLSignature, messageContext, proxyPathValidator);
    }

    @Override // org.globus.wsrf.impl.security.authentication.wssec.WSSecurityEngine
    public boolean decryptXMLEncryption(Element element, MessageContext messageContext) throws Exception {
        Set<Object> privateCredentials;
        log.debug("Enter: decryptXMLEncryption");
        ensureSignature(messageContext);
        PrivateKey privateKey = null;
        Subject systemSubject = SecurityManager.getManager((org.apache.axis.MessageContext) messageContext).getSystemSubject();
        if (systemSubject != null && (privateCredentials = systemSubject.getPrivateCredentials()) != null) {
            Iterator<Object> it = privateCredentials.iterator();
            if (it.hasNext()) {
                privateKey = ((GlobusGSSCredentialImpl) it.next()).getPrivateKey();
            }
        }
        if (privateKey == null) {
            log.error("No credentials to decrypt");
            throw new WSSecurityException(0, "noCreds");
        }
        messageContext.setProperty(Constants.GSI_SEC_MSG, org.globus.wsrf.impl.security.authentication.Constants.ENCRYPTION);
        return decryptXMLEncryption(element, privateKey);
    }

    @Override // org.globus.wsrf.impl.security.authentication.wssec.WSSecurityEngine
    public boolean verifyGssXMLSignature(XMLSignature xMLSignature, MessageContext messageContext) throws Exception {
        log.debug("Enter: verifyGssXMLSignature");
        SecurityContext context = GSSSecurityEngine.getContext((org.apache.axis.MessageContext) messageContext, xMLSignature.getKeyInfo());
        if (context == null) {
            throw new WSSecurityException(0, "noContext01");
        }
        boolean checkSignatureValue = xMLSignature.checkSignatureValue((Key) new GSSPublicKey((String) context.getID(), context.getContext()));
        setContextProperties(messageContext, context, org.globus.wsrf.impl.security.authentication.Constants.SIGNATURE);
        log.debug("Exit: verifyGssXMLSignature");
        return checkSignatureValue;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$globus$wsrf$impl$security$authentication$wssec$WSSecurityRequestEngine == null) {
            cls = class$("org.globus.wsrf.impl.security.authentication.wssec.WSSecurityRequestEngine");
            class$org$globus$wsrf$impl$security$authentication$wssec$WSSecurityRequestEngine = cls;
        } else {
            cls = class$org$globus$wsrf$impl$security$authentication$wssec$WSSecurityRequestEngine;
        }
        log = LogFactory.getLog(cls.getName());
    }
}
