package org.globus.wsrf.impl.security.authentication.secureconv.service;

import java.rmi.RemoteException;
import javax.security.auth.Subject;
import org.apache.axis.MessageContext;
import org.apache.axis.message.MessageElement;
import org.apache.axis.types.URI;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.gsi.gssapi.GSSConstants;
import org.globus.gsi.jaas.JaasGssUtil;
import org.globus.util.Base64;
import org.globus.util.I18n;
import org.globus.ws.sc.SecurityContextTokenType;
import org.globus.ws.trust.BinaryExchangeType;
import org.globus.ws.trust.RequestSecurityTokenResponseType;
import org.globus.ws.trust.RequestSecurityTokenType;
import org.globus.ws.trust.holders.RequestSecurityTokenResponseTypeHolder;
import org.globus.wsrf.Resource;
import org.globus.wsrf.ResourceContext;
import org.globus.wsrf.ResourceContextException;
import org.globus.wsrf.ResourceException;
import org.globus.wsrf.encoding.ObjectSerializer;
import org.globus.wsrf.impl.ResourceContextImpl;
import org.globus.wsrf.impl.SimpleResourceKey;
import org.globus.wsrf.impl.security.authentication.secureconv.SecureConversationMessage;
import org.globus.wsrf.impl.security.descriptor.SecurityPropertiesHelper;
import org.globus.wsrf.security.SecurityException;
import org.globus.wsrf.security.SecurityManager;
import org.globus.wsrf.security.impl.secconv.BinaryExchangeFaultType;
import org.globus.wsrf.security.impl.secconv.EncodingTypeNotSupportedFaultType;
import org.globus.wsrf.security.impl.secconv.InvalidContextIdFaultType;
import org.globus.wsrf.security.impl.secconv.MalformedMessageFaultType;
import org.globus.wsrf.security.impl.secconv.RequestTypeNotSupportedFaultType;
import org.globus.wsrf.security.impl.secconv.SecureConversation;
import org.globus.wsrf.security.impl.secconv.TokenTypeNotSupportedFaultType;
import org.globus.wsrf.security.impl.secconv.ValueTypeNotSupportedFaultType;
import org.globus.wsrf.utils.AddressingUtils;
import org.globus.wsrf.utils.FaultHelper;
import org.gridforum.jgss.ExtendedGSSContext;
import org.gridforum.jgss.ExtendedGSSManager;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;

/* loaded from: input_file:WEB-INF/lib/wsrf-core-4.0.4.jar:org/globus/wsrf/impl/security/authentication/secureconv/service/AuthenticationServiceImpl.class */
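/**
 * Service-side endpoint of the secure-conversation handshake.
 *
 * <p>Both operations unwrap a Base64-encoded binary exchange token from the incoming
 * message, feed it to {@link GSSContext#acceptSecContext(byte[], int, int)} and wrap the
 * reply token (and, once the context is established, a security context token) into the
 * response.
 *
 * <p>Review notes:
 * <ul>
 *   <li>{@link #requestSecurityToken} allocates a server-side context resource for every
 *       call, before the caller has proven anything. NOTE(review): confirm that
 *       {@code SecurityContextHome} bounds or expires these entries.</li>
 *   <li>{@link #requestSecurityTokenResponse} selects the stored context purely by the
 *       context id supplied in the message. NOTE(review): presumably the id is an
 *       unguessable UUID minted by {@code SecurityContextHome.create}; verify.</li>
 * </ul>
 */
public class AuthenticationServiceImpl implements AuthenticationServiceConstants, SecureConversation {
    static Log logger;
    private static I18n i18n;
    // Compiler-generated cache for the class literal (pre-Java-5 javac idiom); kept so the
    // class keeps the same members as the compiled original.
    static Class class$org$globus$wsrf$impl$security$authentication$secureconv$service$AuthenticationServiceImpl;

    /**
     * Resolves the GSS credential the service (or resource) should accept contexts with.
     *
     * @param str service path passed to the security manager
     * @param resource target resource, may be {@code null}
     * @return the credential extracted from the resolved JAAS subject
     * @throws SecurityException if the security manager returns no subject
     */
    protected GSSCredential getCredential(String str, Resource resource) throws SecurityException {
        Subject subject = SecurityManager.getManager().getSubject(str, resource);
        // Subject.toString() renders the subject's principals and credentials, so only build
        // the string when debug logging is on. Treat debug logs of this class as sensitive.
        if (logger.isDebugEnabled()) {
            logger.debug("Credential on server side " + subject);
        }
        if (subject == null) {
            throw new SecurityException(i18n.getMessage("invalidCredentials"));
        }
        return JaasGssUtil.getCredential(subject);
    }

    /**
     * Returns the service this handshake is for: the {@code TARGET_SERVICE} message-context
     * property when set, otherwise the message context's own target service.
     *
     * @return the target service name, or {@code null} if neither source provides one
     */
    private String getTargetService() {
        MessageContext messageContext = MessageContext.getCurrentContext();
        String targetService = (String) messageContext.getProperty(AuthenticationServiceConstants.TARGET_SERVICE);
        if (targetService == null) {
            targetService = messageContext.getTargetService();
        }
        logger.debug("Target service " + targetService);
        return targetService;
    }

    /**
     * Looks up the resource addressed by the current request after pointing the resource
     * context at the given service.
     *
     * @param str service path to set on the resource context
     * @return the resource, or {@code null} when the lookup fails (a missing resource is
     *     not treated as an error here)
     * @throws SecurityException if the resource context itself cannot be obtained
     */
    private Resource getTargetResource(String str) throws SecurityException {
        Resource resource;
        logger.debug("Service path is " + str);
        try {
            ResourceContext resourceContext = ResourceContext.getResourceContext();
            ((ResourceContextImpl) resourceContext).setService(str);
            try {
                resource = resourceContext.getResource();
            } catch (ResourceContextException e) {
                // Best effort: callers fall back to service-level settings when this is null.
                resource = null;
                logger.debug("Error getting resource/may not exist", e);
            } catch (ResourceException e2) {
                resource = null;
                logger.debug("Error getting resource/may not exist", e2);
            }
            logger.debug("Resource is null: " + (resource == null));
            return resource;
        } catch (ResourceContextException e3) {
            throw new SecurityException((Throwable) e3);
        }
    }

    /**
     * Continues a handshake on an existing security context.
     *
     * <p>The context is found by the id carried in the response's context URI. The decoded
     * input token is passed to {@code acceptSecContext}; the holder's message is then
     * replaced with the reply token, the security context token, or both, depending on
     * whether a reply token was produced and whether the context is now established.
     *
     * <p>Fault mapping: a failure to locate the context raises
     * {@link InvalidContextIdFaultType}; a failure while decoding or processing the token
     * raises {@link BinaryExchangeFaultType}. The two phases are kept in separate
     * {@code try} blocks so that a token failure is not re-wrapped as an invalid-context-id
     * fault by a catch-all handler around both.
     *
     * @param requestSecurityTokenResponseTypeHolder in/out holder for the message
     * @throws InvalidContextIdFaultType if the context id does not resolve to a stored context
     * @throws BinaryExchangeFaultType if the token cannot be decoded or accepted
     */
    @Override // org.globus.wsrf.security.impl.secconv.SecureConversation
    public void requestSecurityTokenResponse(RequestSecurityTokenResponseTypeHolder requestSecurityTokenResponseTypeHolder) throws RemoteException, MalformedMessageFaultType, InvalidContextIdFaultType, TokenTypeNotSupportedFaultType, ValueTypeNotSupportedFaultType, EncodingTypeNotSupportedFaultType, BinaryExchangeFaultType, RequestTypeNotSupportedFaultType {
        RequestSecurityTokenResponseType response = requestSecurityTokenResponseTypeHolder.value;
        BinaryExchangeType exchange = new SecureConversationMessage(response.get_any()).parseMessage();
        // Caller-supplied identifier: it is the only thing that selects the stored context.
        String contextId = response.getContext().getSchemeSpecificPart();

        ResourceContext resourceContext;
        SimpleResourceKey contextKey;
        GSSContext context;
        try {
            resourceContext = ResourceContext.getResourceContext();
            SecurityContextHome home = (SecurityContextHome) resourceContext.getResourceHome();
            logger.debug("Context id is " + contextId);
            contextKey = new SimpleResourceKey(home.getKeyTypeName(), contextId);
            context = ((SecurityContext) home.find(contextKey)).getContext();
        } catch (Exception e) {
            InvalidContextIdFaultType fault = new InvalidContextIdFaultType();
            new FaultHelper(fault).addFaultCause(e);
            throw fault;
        }

        try {
            // getBytes() uses the platform default charset; the value is Base64 text.
            byte[] inToken = Base64.decode(exchange.get_value().getBytes());
            byte[] outToken = context.acceptSecContext(inToken, 0, inToken.length);
            if (outToken != null && context.isEstablished()) {
                // Final leg: return the last token together with the context token.
                SecurityContextTokenType contextToken = createSecurityContextToken(response.getContext(), resourceContext, contextKey);
                exchange.set_value(new String(Base64.encode(outToken)));
                response.set_any(SecureConversationMessage.createMessage(exchange, contextToken));
            } else if (outToken != null) {
                // Handshake still in progress: return only the reply token.
                exchange.set_value(new String(Base64.encode(outToken)));
                response.set_any(SecureConversationMessage.createMessage(exchange));
            } else if (context.isEstablished()) {
                // Established with nothing left to send: return only the context token.
                response.set_any(SecureConversationMessage.createMessage(createSecurityContextToken(response.getContext(), resourceContext, contextKey)));
            }
        } catch (Exception e) {
            BinaryExchangeFaultType fault = new BinaryExchangeFaultType();
            new FaultHelper(fault).addFaultCause(e);
            throw fault;
        }
    }

    /**
     * Builds the security context token handed back to the client: the context URI as
     * identifier plus an endpoint reference (service URL and context key) serialized under
     * {@code SecureConversationMessage.CONTEXT_EPR_QNAME}.
     *
     * @param uri context identifier
     * @param resourceContext source of the service URL
     * @param simpleResourceKey key of the stored security context
     * @return the populated token
     * @throws Exception if the endpoint reference cannot be created or serialized
     */
    private SecurityContextTokenType createSecurityContextToken(URI uri, ResourceContext resourceContext, SimpleResourceKey simpleResourceKey) throws Exception {
        SecurityContextTokenType token = new SecurityContextTokenType();
        token.setIdentifier(uri);
        MessageElement endpointReference = (MessageElement) ObjectSerializer.toSOAPElement(
                AddressingUtils.createEndpointReference(resourceContext.getServiceURL().toString(), simpleResourceKey),
                SecureConversationMessage.CONTEXT_EPR_QNAME);
        token.set_any(new MessageElement[]{endpointReference});
        return token;
    }

    /**
     * Starts a handshake: creates an accepting GSS context with the target service's
     * credential, registers it as a new context resource, processes the first token and
     * returns the reply token with the new context's URI.
     *
     * <p>Context options applied here: the optional configured lifetime, the configured
     * reject-limited-proxy state, and {@code ACCEPT_NO_CLIENT_CERTS = TRUE}.
     * NOTE(review): that last option presumably lets a client without a certificate
     * complete the handshake (anonymous peer), which would make an established context no
     * proof of client identity; confirm that authorization is enforced downstream.
     *
     * @param requestSecurityTokenType message carrying the initial token
     * @return response holding the context URI and the reply token
     * @throws BinaryExchangeFaultType if no target service is known or any step fails
     */
    @Override // org.globus.wsrf.security.impl.secconv.SecureConversation
    public RequestSecurityTokenResponseType requestSecurityToken(RequestSecurityTokenType requestSecurityTokenType) throws RemoteException, MalformedMessageFaultType, TokenTypeNotSupportedFaultType, ValueTypeNotSupportedFaultType, EncodingTypeNotSupportedFaultType, BinaryExchangeFaultType, RequestTypeNotSupportedFaultType {
        logger.debug("Enter requestSecurityToken");
        RequestSecurityTokenResponseType response = new RequestSecurityTokenResponseType();
        BinaryExchangeType exchange = new SecureConversationMessage(requestSecurityTokenType.get_any()).parseMessage();
        GSSManager gssManager = ExtendedGSSManager.getInstance();
        String targetService = getTargetService();
        if (targetService == null) {
            BinaryExchangeFaultType fault = new BinaryExchangeFaultType();
            new FaultHelper(fault).setDescription(i18n.getMessage("noTargetService"));
            throw fault;
        }
        try {
            Resource targetResource = getTargetResource(targetService);
            ExtendedGSSContext gssContext = (ExtendedGSSContext) gssManager.createContext(getCredential(targetService, targetResource));
            logger.debug("Invoking secure service on " + targetService);
            Integer contextLifetime = SecurityPropertiesHelper.getContextLifetime(targetService, targetResource);
            if (contextLifetime != null) {
                logger.debug("Setting context lifetime to " + contextLifetime.intValue());
                gssContext.requestLifetime(contextLifetime.intValue());
            }
            gssContext.setOption(GSSConstants.REJECT_LIMITED_PROXY, SecurityPropertiesHelper.getRejectLimitedProxyState(targetService, targetResource));
            gssContext.setOption(GSSConstants.ACCEPT_NO_CLIENT_CERTS, Boolean.TRUE);
            // The context resource is registered before the first token is processed, so a
            // request whose token is later rejected has still created an entry.
            SecurityContextHome home = (SecurityContextHome) ResourceContext.getResourceContext().getResourceHome();
            response.setContext(new URI("uuid", (String) home.create(gssContext).getValue()));
            // getBytes() uses the platform default charset; the value is Base64 text.
            byte[] inToken = Base64.decode(exchange.get_value().getBytes());
            exchange.set_value(new String(Base64.encode(gssContext.acceptSecContext(inToken, 0, inToken.length))));
            response.set_any(SecureConversationMessage.createMessage(exchange));
            return response;
        } catch (Exception e) {
            BinaryExchangeFaultType fault = new BinaryExchangeFaultType();
            new FaultHelper(fault).addFaultCause(e);
            throw fault;
        }
    }

    /**
     * Compiler-generated helper behind class literals: loads a class by name and turns a
     * failed lookup into a {@link NoClassDefFoundError} carrying the original cause.
     *
     * @param str fully qualified class name
     * @return the loaded class
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, which cannot be thrown from here directly.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        // Resolve the class literal once; the logger and the message bundle both use it.
        Class self = class$org$globus$wsrf$impl$security$authentication$secureconv$service$AuthenticationServiceImpl;
        if (self == null) {
            self = class$("org.globus.wsrf.impl.security.authentication.secureconv.service.AuthenticationServiceImpl");
            class$org$globus$wsrf$impl$security$authentication$secureconv$service$AuthenticationServiceImpl = self;
        }
        logger = LogFactory.getLog(self.getName());
        i18n = I18n.getI18n("org.globus.wsrf.impl.security.error", self.getClassLoader());
    }
}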
