package org.globus.wsrf.impl.security.authentication.secureconv;

import java.net.URL;
import java.util.Map;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import javax.xml.rpc.Stub;
import javax.xml.rpc.handler.GenericHandler;
import javax.xml.rpc.handler.HandlerInfo;
import javax.xml.rpc.handler.MessageContext;
import org.apache.axis.message.addressing.AddressingHeaders;
import org.apache.axis.message.addressing.To;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.axis.gsi.GSIConstants;
import org.globus.gsi.gssapi.GSSConstants;
import org.globus.gsi.jaas.JaasGssUtil;
import org.globus.gsi.jaas.JaasSubject;
import org.globus.wsrf.impl.security.authentication.secureconv.service.AuthenticationServiceConstants;
import org.globus.wsrf.impl.security.authentication.secureconv.service.SecurityContext;
import org.globus.wsrf.impl.security.authentication.wssec.WSSecurityFault;
import org.globus.wsrf.impl.security.authorization.Authorization;
import org.globus.wsrf.impl.security.authorization.HostAuthorization;
import org.globus.wsrf.impl.security.authorization.SelfAuthorization;
import org.globus.wsrf.impl.security.util.AuthUtil;
import org.globus.wsrf.security.Constants;
import org.globus.wsrf.security.impl.secconv.SecureConversation;
import org.globus.wsrf.security.impl.secconv.SecureConversationServiceAddressingLocator;
import org.gridforum.jgss.ExtendedGSSContext;
import org.gridforum.jgss.ExtendedGSSManager;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:WEB-INF/lib/wsrf-core-4.0.4.jar:org/globus/wsrf/impl/security/authentication/secureconv/SecContextHandler.class */
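/**
 * Request-side JAX-RPC handler that makes sure a GSI secure-conversation context exists before
 * a message is sent, and publishes it on the message context under
 * {@code org.globus.wsrf.impl.security.authentication.Constants.CONTEXT}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Nothing is done unless {@code Constants.GSI_SEC_CONV} is set to something other than
 *       {@code NONE}.</li>
 *   <li>The credential is taken from the message context, then from the current JAAS subject.
 *       An anonymous request replaces it with an anonymous credential; with
 *       {@link SelfAuthorization} and no credential at all, the default initiator credential
 *       is used.</li>
 *   <li>If the caller configured no client authorization, {@link HostAuthorization} is used.</li>
 *   <li>Confidentiality is always requested on the GSS context; delegation is requested only
 *       for the limited/full GSI modes, and an unknown mode is rejected.</li>
 * </ul>
 *
 * <p><b>Thread-safety:</b> instances hold mutable per-handler state ({@code authInfo},
 * {@code lastMode}, {@code lastContextLifetime}) without synchronization. Concurrent use is only
 * detected when debug logging is enabled.
 *
 * <p>NOTE(review): an established context is reused when the delegation mode and requested
 * lifetime are unchanged. The credential, the anonymity flag, the client authorization and the
 * endpoint address are not part of that comparison, so a handler instance that is reused after
 * any of those change keeps the earlier context. Confirm that handler instances are bound to a
 * single stub/identity, or extend the reuse check. Expiry of a reused context is not checked
 * here either - presumably handled elsewhere; verify.
 */
public class SecContextHandler extends GenericHandler {
    protected static Log log;
    // Wrapper around the established GSS context; null until a context has been negotiated.
    private Authenticator authInfo;
    // Delegation mode and lifetime used for the context held in authInfo (drive the reuse check).
    private String lastMode;
    private Integer lastContextLifetime;
    // True when the handler config has authService=auto: the authentication service path is
    // appended to the target endpoint address.
    private boolean auto;
    // First thread seen by handleRequest; only recorded while debug logging is enabled.
    private Thread lastThread;
    private static SecureConversationServiceAddressingLocator locator;
    // Synthetic class-literal cache left over from pre-Java-5 compilation; kept for compatibility.
    static Class class$org$globus$wsrf$impl$security$authentication$secureconv$SecContextHandler;

    public SecContextHandler() {
        log.debug("Enter: constructor");
    }

    /**
     * Establishes (or reuses) the secure-conversation context for an outgoing request.
     *
     * @param messageContext the outgoing message context; read for the security properties and
     *     written with the resulting {@link SecurityContext}
     * @return always {@code true}
     * @throws RuntimeException the fault built by {@link WSSecurityFault#makeFault} when the
     *     context cannot be established (exact type is declared by {@code WSSecurityFault})
     */
    @Override
    public boolean handleRequest(MessageContext messageContext) {
        log.debug("Enter: invoke");
        Object secConv = messageContext.getProperty(Constants.GSI_SEC_CONV);
        if (secConv == null
                || secConv.equals(org.globus.wsrf.impl.security.authentication.Constants.NONE)) {
            // Secure conversation not requested: drop any context so a later request renegotiates.
            this.authInfo = null;
            log.debug("Exit: invoke");
            return true;
        }
        if (log.isDebugEnabled()) {
            // Diagnostic only: concurrent use of one handler instance goes undetected when
            // debug logging is off.
            Thread current = Thread.currentThread();
            if (this.lastThread == null) {
                this.lastThread = current;
            } else if (this.lastThread != current) {
                throw WSSecurityFault.makeFault(
                        new Exception("Multiple threads accessing the same handler!"));
            }
        }

        String mode = (String) messageContext.getProperty(GSIConstants.GSI_MODE);
        if (mode == null) {
            // Safe default: no credential delegation unless explicitly requested.
            mode = GSIConstants.GSI_MODE_NO_DELEG;
        }
        Integer requestedLifetime = (Integer) messageContext.getProperty(
                org.globus.wsrf.impl.security.authentication.Constants.CONTEXT_LIFETIME);

        // NOTE(review): only mode and lifetime are compared; see the class comment.
        boolean reusable = this.authInfo != null
                && mode.equals(this.lastMode)
                && (requestedLifetime == null
                        || requestedLifetime.equals(this.lastContextLifetime));
        if (reusable) {
            log.debug("Reusing existing context");
        } else {
            log.debug("Establishing new context");
            AddressingHeaders addressingHeaders = null;
            To originalTo = null;
            boolean toOverridden = false;
            try {
                String endpointAddress = AuthUtil.getEndpointAddress(messageContext);
                if (this.auto) {
                    endpointAddress = endpointAddress + AuthenticationServiceConstants.AUTH_SERVICE_PATH;
                }
                log.debug("Endpoint address is " + endpointAddress);
                URL url = new URL(endpointAddress);

                // The request's addressing headers are temporarily pointed at the authentication
                // service and handed to the secure-conversation stub.
                addressingHeaders = (AddressingHeaders) messageContext.getProperty(
                        org.apache.axis.message.addressing.Constants.ENV_ADDRESSING_REQUEST_HEADERS);
                originalTo = addressingHeaders.getTo();
                addressingHeaders.setTo(new To(endpointAddress));
                toOverridden = true;
                SecureConversation secureConversationPort = locator.getSecureConversationPort(url);
                ((Stub) secureConversationPort)._setProperty(
                        org.apache.axis.message.addressing.Constants.ENV_ADDRESSING_REQUEST_HEADERS,
                        addressingHeaders);

                GSSCredential credential = AuthUtil.getCredential(messageContext);
                if (credential == null) {
                    Subject currentSubject = JaasSubject.getCurrentSubject();
                    if (currentSubject != null) {
                        log.debug("Get credentials assocaited with thread");
                        credential = JaasGssUtil.getCredential(currentSubject);
                    }
                }

                // 0 is passed through to createContext when no lifetime was requested.
                int lifetime = requestedLifetime != null ? requestedLifetime.intValue() : 0;
                log.debug("Lifetime is " + lifetime);

                GSSManager manager = ExtendedGSSManager.getInstance();
                boolean anonymous = isAnonymousRequested(messageContext);
                if (anonymous) {
                    log.debug("Anonymous is true");
                    // An anonymous request discards any credential resolved above.
                    credential = manager.createCredential(
                            manager.createName((String) null, (Oid) null),
                            GSSCredential.DEFAULT_LIFETIME,
                            (Oid) null,
                            GSSCredential.INITIATE_ONLY);
                }

                Authorization clientAuthorization = AuthUtil.getClientAuthorization(messageContext);
                if (clientAuthorization == null) {
                    // Default when the caller configured no authorization of the remote side.
                    clientAuthorization = HostAuthorization.getInstance();
                }
                log.debug("Authz is " + clientAuthorization.getClass().getName());

                GSSName expectedName;
                if (clientAuthorization instanceof SelfAuthorization) {
                    if (!anonymous && credential == null) {
                        credential = manager.createCredential(GSSCredential.INITIATE_ONLY);
                    }
                    // Self authorization: the expected peer name is the caller's own name.
                    expectedName = credential.getName();
                } else {
                    expectedName = clientAuthorization.getName(messageContext);
                }
                ((Stub) secureConversationPort)._setProperty(Constants.AUTHORIZATION, clientAuthorization);
                if (credential != null) {
                    ((Stub) secureConversationPort)._setProperty("org.globus.gsi.credentials", credential);
                }

                ExtendedGSSContext gssContext = (ExtendedGSSContext) manager.createContext(
                        expectedName, GSSConstants.MECH_OID, credential, lifetime);
                gssContext.requestConf(true);
                if (anonymous) {
                    log.debug("Setting anonyumous true");
                    gssContext.requestAnonymity(true);
                }

                log.debug("Delegation mode: " + mode);
                if (mode.equalsIgnoreCase(GSIConstants.GSI_MODE_LIMITED_DELEG)) {
                    gssContext.setOption(GSSConstants.DELEGATION_TYPE, GSIConstants.DELEGATION_TYPE_LIMITED);
                    gssContext.requestCredDeleg(true);
                } else if (mode.equalsIgnoreCase(GSIConstants.GSI_MODE_FULL_DELEG)) {
                    gssContext.setOption(GSSConstants.DELEGATION_TYPE, GSIConstants.DELEGATION_TYPE_FULL);
                    gssContext.requestCredDeleg(true);
                } else if (mode.equalsIgnoreCase(GSIConstants.GSI_MODE_NO_DELEG)) {
                    gssContext.requestCredDeleg(false);
                } else {
                    // Fail closed on an unrecognised mode instead of guessing a delegation level.
                    throw new Exception("Invalid GSI MODE: " + mode);
                }

                this.lastMode = mode;
                this.lastContextLifetime = requestedLifetime;
                this.authInfo = new Authenticator(gssContext);
                this.authInfo.authenticate(secureConversationPort);
                log.debug("Context established");
            } catch (Exception e) {
                // Never keep a partially negotiated context around for reuse.
                this.authInfo = null;
                log.debug("Failed to establish security context", e);
                throw WSSecurityFault.makeFault(e);
            } finally {
                // Restore the caller's destination on failure as well as on success, so the
                // request headers are never left pointing at the authentication service.
                if (toOverridden) {
                    addressingHeaders.setTo(originalTo);
                }
            }
        }

        messageContext.setProperty(
                org.globus.wsrf.impl.security.authentication.Constants.CONTEXT,
                new SecurityContext(this.authInfo.getContext(), this.authInfo.getContextId()));
        log.debug("Exit: invoke");
        return true;
    }

    /**
     * Reports whether the request asks for an anonymous context. The generic
     * {@code org.globus.gsi.anonymous} property takes precedence over
     * {@code Constants.GSI_SEC_CONV_ANON}; only {@link Boolean#TRUE} enables anonymity.
     */
    private static boolean isAnonymousRequested(MessageContext messageContext) {
        Object flag = messageContext.getProperty("org.globus.gsi.anonymous");
        if (flag == null) {
            flag = messageContext.getProperty(Constants.GSI_SEC_CONV_ANON);
        }
        return Boolean.TRUE.equals(flag);
    }

    /**
     * Reads the handler configuration. {@code authService=auto} makes the handler append the
     * authentication service path to the target endpoint; any other value, including a
     * non-string one, leaves that off. A missing {@code handlerInfo} or configuration map leaves
     * the current setting unchanged.
     *
     * @param handlerInfo handler deployment information, may be {@code null}
     */
    @Override
    public void init(HandlerInfo handlerInfo) {
        if (handlerInfo == null) {
            return;
        }
        Map<?, ?> handlerConfig = handlerInfo.getHandlerConfig();
        if (handlerConfig == null) {
            return;
        }
        this.auto = "auto".equals(handlerConfig.get("authService"));
    }

    /**
     * @return {@code null}; this handler declares no header blocks
     */
    @Override
    public QName[] getHeaders() {
        return null;
    }

    /**
     * Compiler-generated class-literal helper, kept for compatibility.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the original
     *     {@link ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so the error is built first and thrown by its own type.
            NoClassDefFoundError error = new NoClassDefFoundError(str);
            error.initCause(e);
            throw error;
        }
    }

    static {
        class$org$globus$wsrf$impl$security$authentication$secureconv$SecContextHandler =
                SecContextHandler.class;
        log = LogFactory.getLog(SecContextHandler.class.getName());
        locator = new SecureConversationServiceAddressingLocator();
    }
}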
