package org.gcube.common.core.security.impl.authentication.extendedhandlers;

import java.util.List;
import java.util.Vector;
import org.apache.axis.AxisFault;
import org.apache.axis.MessageContext;
import org.globus.gsi.gssapi.GSSConstants;
import org.globus.util.I18n;
import org.globus.wsrf.config.ConfigException;
import org.globus.wsrf.impl.security.authentication.AuthHandler;
import org.globus.wsrf.impl.security.authentication.Constants;
import org.globus.wsrf.impl.security.authentication.DescriptorHandler;
import org.globus.wsrf.impl.security.authentication.RunAsHandler;
import org.globus.wsrf.impl.security.descriptor.ContainerSecurityConfig;
import org.globus.wsrf.impl.security.descriptor.ContainerSecurityDescriptor;
import org.globus.wsrf.impl.security.descriptor.ResourceSecurityDescriptor;
import org.globus.wsrf.impl.security.descriptor.ServiceSecurityDescriptor;
import org.gridforum.jgss.ExtendedGSSContext;
import org.ietf.jgss.GSSException;

/* loaded from: input_file:WEB-INF/lib/gcf-1.6.2-3.8.0.jar:org/gcube/common/core/security/impl/authentication/extendedhandlers/ExtendedSecurityPolicyHandler.class */
public class ExtendedSecurityPolicyHandler extends ExtendedDescriptorHandler {
    private static final long serialVersionUID = 1;
    private static List<DescriptorHandler> handlers = new Vector();
    protected static I18n i18n = I18n.getI18n("org.globus.wsrf.impl.security.authentication.errors");

    @Override // org.gcube.common.core.security.impl.authentication.extendedhandlers.ExtendedDescriptorHandler
    public void handle(MessageContext messageContext, ResourceSecurityDescriptor resourceSecurityDescriptor, ServiceSecurityDescriptor serviceSecurityDescriptor, String str) throws AxisFault {
        ExtendedGSSContext extendedGSSContext = (ExtendedGSSContext) messageContext.getProperty(Constants.TRANSPORT_SECURITY_CONTEXT);
        if (extendedGSSContext != null) {
            String rejectLimitedProxyState = resourceSecurityDescriptor != null ? resourceSecurityDescriptor.getRejectLimitedProxyState() : null;
            if (rejectLimitedProxyState == null && serviceSecurityDescriptor != null) {
                rejectLimitedProxyState = serviceSecurityDescriptor.getRejectLimitedProxyState();
            }
            if (rejectLimitedProxyState == null) {
                try {
                    ContainerSecurityDescriptor securityDescriptor = ContainerSecurityConfig.getConfig().getSecurityDescriptor();
                    if (securityDescriptor != null) {
                        rejectLimitedProxyState = securityDescriptor.getRejectLimitedProxyState();
                    }
                } catch (ConfigException e) {
                    throw AxisFault.makeFault(e);
                }
            }
            if (rejectLimitedProxyState != null && rejectLimitedProxyState.equals("true")) {
                Boolean bool = null;
                try {
                    bool = (Boolean) extendedGSSContext.inquireByOid(GSSConstants.RECEIVED_LIMITED_PROXY);
                } catch (GSSException e2) {
                    AxisFault.makeFault(e2);
                }
                if (Boolean.TRUE.equals(bool)) {
                    throw new AxisFault(i18n.getMessage("rejectLimitedProxy"));
                }
            }
        }
        int size = handlers.size();
        for (int i = 0; i < size; i++) {
            handlers.get(i).handle(messageContext, resourceSecurityDescriptor, serviceSecurityDescriptor, str);
        }
    }

    static {
        handlers.add(new AuthHandler());
        handlers.add(new RunAsHandler());
    }
}
