package org.globus.wsrf.impl.security.authorization;

import java.io.Serializable;
import java.util.ArrayList;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.MessageContext;
import org.apache.axis.AxisFault;
import org.apache.axis.utils.XMLUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.util.I18n;
import org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException;
import org.globus.wsrf.impl.security.authorization.exceptions.CloseException;
import org.globus.wsrf.impl.security.authorization.exceptions.InitializeException;
import org.globus.wsrf.impl.security.authorization.exceptions.InvalidPolicyException;
import org.globus.wsrf.impl.security.util.AuthUtil;
import org.globus.wsrf.security.SecurityException;
import org.globus.wsrf.security.authorization.Interceptor;
import org.globus.wsrf.security.authorization.PDP;
import org.globus.wsrf.security.authorization.PDPConfig;
import org.globus.wsrf.security.authorization.PDPConstants;
import org.globus.wsrf.security.authorization.PIP;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/ghn-core-runtime-1.0.0.jar:org/globus/wsrf/impl/security/authorization/ServiceAuthorizationChain.class
 */
/* loaded from: input_file:WEB-INF/lib/wsrf-core-4.0.4.jar:org/globus/wsrf/impl/security/authorization/ServiceAuthorizationChain.class */
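/**
 * Authorization chain that evaluates an ordered array of interceptors for a
 * service, optionally preceded by a parent chain.
 *
 * <p>Decision model, as implemented in {@link #intercept}:
 * <ul>
 *   <li>If a parent chain is set and it permits, the request is permitted
 *       without consulting this chain's own interceptors.</li>
 *   <li>Otherwise each interceptor is visited in order: a {@link PDP} that
 *       does not permit ends evaluation with a deny; a {@link PIP} only
 *       collects attributes.</li>
 *   <li>If no PDP denies, the result is permit. A chain that holds no PDP
 *       therefore permits; deployments should make sure every chain carries
 *       at least one PDP.</li>
 * </ul>
 *
 * <p>Interceptor classes are loaded by name from the supplied
 * {@link PDPConfig}, so that configuration is part of the trusted computing
 * base: whoever can edit it chooses the code that makes authorization
 * decisions.
 *
 * <p>No {@code serialVersionUID} is declared, so the default one is derived
 * from the class shape, including non-private members. The synthetic
 * {@code class$} field and method left over from the original compiler are
 * retained for that reason.
 */
public class ServiceAuthorizationChain implements Interceptor, Serializable {
    private static I18n i18n;
    private static Log logger;
    // True only after initialize() has completed successfully.
    protected boolean initialized;
    // Interceptors in evaluation order; null until init() succeeds.
    protected Interceptor[] interceptor;
    // Configured name of each interceptor, parallel to `interceptor`.
    protected String[] interceptorName;
    // Optional chain consulted before this one; a permit from it short-circuits.
    private ServiceAuthorizationChain parentChain;
    // When true, a deny is reported as `false` instead of an exception.
    private boolean chained = false;
    // Synthetic class-literal cache emitted by the original compiler.
    static Class class$org$globus$wsrf$impl$security$authorization$ServiceAuthorizationChain;

    /** Creates a chain with no parent. */
    public ServiceAuthorizationChain() {
    }

    /**
     * Creates a chain that consults {@code serviceAuthorizationChain} first.
     *
     * @param serviceAuthorizationChain parent chain, may be null
     */
    public ServiceAuthorizationChain(ServiceAuthorizationChain serviceAuthorizationChain) {
        this.parentChain = serviceAuthorizationChain;
    }

    /**
     * Loads the configured interceptors and initializes each of them.
     * Calling this on an already initialized chain is a no-op. The parent
     * chain is not initialized here.
     *
     * @param pDPConfig source of the interceptor class names and settings
     * @param str       unused by this implementation
     * @param str2      passed through to every interceptor's initialize call
     * @throws InitializeException if loading or initializing any interceptor fails
     */
    @Override // org.globus.wsrf.security.authorization.Interceptor
    public synchronized void initialize(PDPConfig pDPConfig, String str, String str2) throws InitializeException {
        if (this.initialized) {
            return;
        }
        // The flag is raised first (original ordering) so a nested call made
        // while set-up is running returns immediately.
        this.initialized = true;
        boolean completed = false;
        try {
            init(pDPConfig);
            for (int i = 0; this.interceptor != null && i < this.interceptor.length; i++) {
                this.interceptor[i].initialize(pDPConfig, this.interceptorName[i], str2);
            }
            completed = true;
        } finally {
            if (!completed) {
                // Fail closed: a chain whose set-up threw must not be treated
                // as ready, otherwise later authorize() calls would run
                // against a missing or half-built interceptor array.
                this.initialized = false;
            }
        }
    }

    /**
     * Collects the policy names of the parent chain followed by those of
     * every PDP in this chain.
     *
     * @return the combined names, never null
     */
    public String[] getPolicyNames() {
        ArrayList<String> names = new ArrayList<String>();
        if (this.parentChain != null) {
            String[] inherited = this.parentChain.getPolicyNames();
            if (inherited != null) {
                for (String name : inherited) {
                    names.add(name);
                }
            }
        }
        Interceptor[] chain = this.interceptor;
        if (chain != null) {
            for (Interceptor entry : chain) {
                if (entry instanceof PDP) {
                    String[] own = ((PDP) entry).getPolicyNames();
                    if (own != null) {
                        for (String name : own) {
                            names.add(name);
                        }
                    }
                }
            }
        }
        return names.toArray(new String[0]);
    }

    /**
     * Builds a service-policies element holding the policy returned by the
     * parent chain and by each PDP of this chain for {@code node}.
     *
     * @param node query passed unchanged to the parent chain and every PDP
     * @return the aggregated element
     * @throws InvalidPolicyException on any failure, including one raised by a PDP
     */
    public Node getPolicy(Node node) throws InvalidPolicyException {
        try {
            Document document = XMLUtils.newDocument();
            Element policies = document.createElementNS(PDPConstants.SERVICE_AUTHORIZATION_MANAGEMENT_NS, PDPConstants.SERVICE_POLICIES_TAG);
            document.appendChild(policies);
            if (this.parentChain != null) {
                Node inherited = this.parentChain.getPolicy(node);
                if (inherited != null) {
                    policies.appendChild(document.importNode(inherited, true));
                }
            }
            for (int i = 0; this.interceptor != null && i < this.interceptor.length; i++) {
                if (this.interceptor[i] instanceof PDP) {
                    Node own = ((PDP) this.interceptor[i]).getPolicy(node);
                    if (own != null) {
                        policies.appendChild(document.importNode(own, true));
                    }
                }
            }
            return policies;
        } catch (Exception e) {
            throw new InvalidPolicyException(i18n.getMessage("getPolicy"), e);
        }
    }

    /**
     * Hands {@code node} to the parent chain and to every PDP of this chain
     * as a policy update and aggregates whatever each of them returns.
     *
     * <p>This method performs no access check of its own; the same node is
     * forwarded to every PDP. Callers are responsible for restricting who
     * may reach this policy-write path.
     *
     * @param node policy passed unchanged to the parent chain and every PDP
     * @return a service-policies element holding the individual results
     * @throws InvalidPolicyException on any failure, including one raised by a PDP
     */
    public Node setPolicy(Node node) throws InvalidPolicyException {
        try {
            Document document = XMLUtils.newDocument();
            // Unlike getPolicy, the element is not attached to the document
            // here; that difference is kept from the original.
            Element policies = document.createElementNS(PDPConstants.SERVICE_AUTHORIZATION_MANAGEMENT_NS, PDPConstants.SERVICE_POLICIES_TAG);
            if (this.parentChain != null) {
                Node inherited = this.parentChain.setPolicy(node);
                if (inherited != null) {
                    policies.appendChild(document.importNode(inherited, true));
                }
            }
            for (int i = 0; this.interceptor != null && i < this.interceptor.length; i++) {
                if (this.interceptor[i] instanceof PDP) {
                    Node own = ((PDP) this.interceptor[i]).setPolicy(node);
                    if (own != null) {
                        policies.appendChild(document.importNode(own, true));
                    }
                }
            }
            return policies;
        } catch (Exception e) {
            throw new InvalidPolicyException(i18n.getMessage("setPolicy"), e);
        }
    }

    /**
     * Runs the parent chain and then this chain's interceptors.
     *
     * @return true for permit, false for deny
     * @throws AuthorizationException propagated from the parent chain or an interceptor
     */
    private boolean intercept(Subject subject, MessageContext messageContext, QName qName) throws AuthorizationException {
        // Permit-overrides: a permit from the parent skips the local PDPs.
        if (this.parentChain != null && this.parentChain.authorize(subject, messageContext, qName)) {
            return true;
        }
        Interceptor[] chain = this.interceptor;
        if (chain == null) {
            return true;
        }
        for (int i = 0; i < chain.length; i++) {
            Interceptor current = chain[i];
            if (current == null) {
                // An empty slot means the chain is not the one that was
                // configured; skipping it silently could drop a PDP, so deny.
                logger.warn("Interceptor slot " + i + " is empty; denying");
                return false;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Interceptor " + current.getClass().getName());
            }
            if (current instanceof PDP) {
                if (!((PDP) current).isPermitted(subject, messageContext, qName)) {
                    return false;
                }
            } else if (current instanceof PIP) {
                ((PIP) current).collectAttributes(subject, messageContext, qName);
            }
        }
        return true;
    }

    /**
     * Authorizes the call or throws.
     *
     * @param subject        caller
     * @param messageContext current message context
     * @param str            unused by this implementation
     * @throws AuthorizationException if the call is not authorized
     */
    public void authorize(Subject subject, MessageContext messageContext, String str) throws AuthorizationException {
        // A void method can only signal a deny by throwing. On a chained
        // chain the boolean overload returns false instead of throwing, and
        // dropping that result would turn the deny into a silent permit.
        if (!authorize(subject, messageContext)) {
            throw new AuthorizationException(i18n.getMessage("policyDecision"));
        }
    }

    /**
     * Resolves the target operation from the message context and authorizes it.
     *
     * @return true if permitted; false only when this chain is chained and denies
     * @throws AuthorizationException if the chain is not initialized, the
     *         operation cannot be determined, or the call is denied
     */
    public boolean authorize(Subject subject, MessageContext messageContext) throws AuthorizationException {
        if (!this.initialized) {
            throw new AuthorizationException(i18n.getMessage("initialize"));
        }
        QName operation;
        try {
            operation = (QName) messageContext.getProperty(PDPConstants.ACTION);
            if (operation == null) {
                operation = AuthUtil.getOperationName((org.apache.axis.MessageContext) messageContext);
            }
        } catch (AxisFault e) {
            // Lookup failure is treated as "no operation" and rejected below;
            // the cause is logged so it is not lost.
            logger.debug("Could not determine target operation", e);
            operation = null;
        } catch (SecurityException e2) {
            logger.debug("Could not determine target operation", e2);
            operation = null;
        }
        if (operation == null) {
            throw new AuthorizationException(i18n.getMessage("noTargetOperation"));
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Target operation is \"" + operation.toString() + "\". Called by subject \"" + AuthUtil.getIdentity(subject) + "\"");
        }
        return authorize(subject, messageContext, operation);
    }

    /**
     * Authorizes {@code subject} for the operation {@code qName}.
     *
     * @return true if permitted; false only when this chain is chained and denies
     * @throws AuthorizationException if the chain is not initialized, the call
     *         is denied on a non-chained chain, or evaluation fails
     */
    public boolean authorize(Subject subject, MessageContext messageContext, QName qName) throws AuthorizationException {
        // This overload is public and is also how a child chain calls its
        // parent. Without this guard a chain that was never initialized has a
        // null interceptor array and would answer permit.
        if (!this.initialized) {
            throw new AuthorizationException(i18n.getMessage("initialize"));
        }
        String identity = AuthUtil.getIdentity(subject);
        try {
            if (intercept(subject, messageContext, qName)) {
                logger.info(i18n.getMessage("authorized", new Object[]{identity, qName}));
                return true;
            }
            if (this.chained) {
                return false;
            }
            logger.warn(i18n.getMessage("notAuthorized", new Object[]{identity, qName}));
            // Note: this exception is caught by the clause below and reaches
            // the caller wrapped under the "policyDecision" message. That
            // control flow is kept as found.
            throw new AuthorizationException(i18n.getMessage("notAuthorized", new Object[]{identity, qName}));
        } catch (Exception e) {
            throw new AuthorizationException(i18n.getMessage("policyDecision"), e);
        }
    }

    /**
     * Sets whether a deny is returned as {@code false} rather than thrown.
     *
     * @param z true to report denies as a return value
     */
    public void setChained(boolean z) {
        this.chained = z;
    }

    /** @return whether a deny is returned as {@code false} rather than thrown */
    public boolean isChained() {
        return this.chained;
    }

    /**
     * Instantiates every interceptor named in {@code pDPConfig}.
     *
     * <p>The arrays are published only after every entry has loaded, so a
     * failure part-way through never leaves a partially filled chain behind.
     *
     * @throws InitializeException if the configuration lists no interceptors
     *         or any class cannot be loaded, is not an Interceptor, or cannot
     *         be instantiated
     */
    private synchronized void init(PDPConfig pDPConfig) throws InitializeException {
        InterceptorConfig[] interceptors = pDPConfig.getInterceptors();
        if (interceptors == null) {
            throw new InitializeException(i18n.getMessage("noInterceptors"));
        }
        Interceptor[] loaded = new Interceptor[interceptors.length];
        String[] names = new String[interceptors.length];
        ClassLoader loader = ServiceAuthorizationChain.class.getClassLoader();
        for (int i = 0; i < interceptors.length; i++) {
            try {
                String className = interceptors[i].getInterceptorClass();
                if (logger.isDebugEnabled()) {
                    logger.debug("Trying to load: " + className);
                }
                Class<?> candidate = loader.loadClass(className);
                // Check the type before instantiating so that a class which
                // is not an Interceptor never gets its constructor run.
                if (!Interceptor.class.isAssignableFrom(candidate)) {
                    throw new ClassCastException(className);
                }
                loaded[i] = (Interceptor) candidate.newInstance();
                names[i] = interceptors[i].getName();
            } catch (Exception e) {
                throw new InitializeException(i18n.getMessage("loadChain"), e);
            }
        }
        this.interceptor = loaded;
        this.interceptorName = names;
    }

    /**
     * Closes every interceptor of this chain. Does nothing if the chain was
     * never initialized. The parent chain is not closed here.
     *
     * @throws CloseException propagated from an interceptor
     */
    @Override // org.globus.wsrf.security.authorization.Interceptor
    public void close() throws CloseException {
        Interceptor[] chain = this.interceptor;
        if (chain == null) {
            return;
        }
        for (int i = 0; i < chain.length; i++) {
            if (chain[i] != null) {
                chain[i].close();
            }
        }
    }

    /**
     * Synthetic class-literal helper emitted by the original compiler.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so it cannot be thrown directly.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class self = ServiceAuthorizationChain.class;
        class$org$globus$wsrf$impl$security$authorization$ServiceAuthorizationChain = self;
        i18n = I18n.getI18n("org.globus.wsrf.impl.security.authorization.errors", self.getClassLoader());
        logger = LogFactory.getLog(self.getName());
    }
}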
