package org.globus.wsrf.impl.security.authorization;

import java.net.MalformedURLException;
import java.net.URL;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.util.I18n;
import org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException;
import org.globus.wsrf.impl.security.authorization.exceptions.CloseException;
import org.globus.wsrf.impl.security.authorization.exceptions.InitializeException;
import org.globus.wsrf.impl.security.authorization.exceptions.InvalidPolicyException;
import org.globus.wsrf.impl.security.util.AuthUtil;
import org.globus.wsrf.security.authorization.PDP;
import org.globus.wsrf.security.authorization.PDPConfig;
import org.gridforum.jgss.ExtendedGSSManager;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.w3c.dom.Node;

/* loaded from: input_file:WEB-INF/lib/wsrf-core-4.0.4.jar:org/globus/wsrf/impl/security/authorization/HostAuthorization.class */
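/**
 * Host-based authorization check, usable both as a {@link PDP} and as an {@link Authorization}.
 *
 * <p>The peer is accepted only when its authenticated identity equals the GSS host-based
 * service name {@code service@host}, where {@code host} is taken verbatim from
 * {@link URL#getHost()} of a target URL. This class does no DNS lookup or canonicalisation,
 * so the decision is only as trustworthy as the source of that URL: {@link #isPermitted}
 * reads it from the {@link PDPConfig}, while {@link #authorize(Subject, MessageContext)}
 * derives it from the message context through {@code AuthUtil}.
 *
 * <p>NOTE(review): {@code expected} and {@code service} are mutable instance fields that are
 * rewritten on every call. Whether one instance can serve concurrent requests is not visible
 * from this file, so each decision below compares against a local copy of the expected name
 * instead of re-reading the field.
 */
public class HostAuthorization implements PDP, Authorization {
    private static I18n i18n;
    private static Log logger;
    // Expected name of the most recent check; kept for package-level readers only.
    GSSName expected = null;
    private String service = Authorization.AUTHZ_HOST;
    private PDPConfig pdpConfig = null;
    private String namePrefix = null;
    public static final String URL_PROPERTY = "url";
    public static final String SERVICE_PROPERTY = "service";
    // Cache used by the compiler-generated class-literal helper class$(String).
    static Class class$org$globus$wsrf$impl$security$authorization$HostAuthorization;

    /** Creates a check that uses the default service name {@code Authorization.AUTHZ_HOST}. */
    public HostAuthorization() {
        this(null);
    }

    /**
     * Creates a check for the given service name.
     *
     * @param str service part of the expected {@code service@host} name; {@code null} keeps
     *     the default
     */
    public HostAuthorization(String str) {
        if (str != null) {
            this.service = str;
        }
    }

    /**
     * Returns a new instance with the default service name.
     *
     * @return a fresh instance on every call (nothing is cached)
     */
    public static synchronized HostAuthorization getInstance() {
        return new HostAuthorization();
    }

    /**
     * Stores the configuration and property prefix that {@link #isPermitted} reads from.
     *
     * @param pDPConfig configuration that supplies the {@code url} and {@code service} properties
     * @param str prefix passed to {@code PDPConfig.getProperty}
     * @param str2 not used by this implementation
     */
    @Override // org.globus.wsrf.security.authorization.Interceptor
    public void initialize(PDPConfig pDPConfig, String str, String str2) throws InitializeException {
        this.pdpConfig = pDPConfig;
        this.namePrefix = str;
    }

    /** This PDP exposes no policies. @return always {@code null} */
    @Override // org.globus.wsrf.security.authorization.PDP
    public String[] getPolicyNames() {
        return null;
    }

    /** This PDP exposes no policies. @return always {@code null} */
    @Override // org.globus.wsrf.security.authorization.PDP
    public Node getPolicy(Node node) throws InvalidPolicyException {
        return null;
    }

    /** Policies cannot be set on this PDP; the argument is ignored. @return always {@code null} */
    @Override // org.globus.wsrf.security.authorization.PDP
    public Node setPolicy(Node node) throws InvalidPolicyException {
        return null;
    }

    /** No resources are held, so there is nothing to release. */
    @Override // org.globus.wsrf.security.authorization.Interceptor
    public void close() throws CloseException {
    }

    /**
     * Decides whether the subject's identity equals the configured host's service name.
     *
     * @param subject peer whose identity is extracted with {@code AuthUtil.getIdentity}
     * @param messageContext not used by this implementation
     * @param qName not used by this implementation
     * @return {@code true} when the identity equals {@code service@host}, {@code false} otherwise
     * @throws AuthorizationException if the PDP was never initialized, no URL is configured,
     *     the URL has no host, the peer is anonymous, or a GSS name cannot be created
     */
    @Override // org.globus.wsrf.security.authorization.PDP
    public boolean isPermitted(Subject subject, MessageContext messageContext, QName qName) throws AuthorizationException {
        if (this.pdpConfig == null) {
            // initialize() was never called: deny with the declared exception type instead of
            // letting a NullPointerException escape from the authorization path.
            throw new AuthorizationException(i18n.getMessage("authFail"));
        }
        URL url = (URL) this.pdpConfig.getProperty(this.namePrefix, URL_PROPERTY);
        if (logger.isDebugEnabled()) {
            logger.debug(new StringBuffer().append("URL ").append(url).toString());
        }
        if (url == null) {
            logger.debug(i18n.getMessage("hostNull"));
            throw new AuthorizationException(i18n.getMessage("hostNull"));
        }
        String serviceName = this.service;
        String configured = (String) this.pdpConfig.getProperty(this.namePrefix, SERVICE_PROPERTY);
        if (configured != null) {
            serviceName = configured;
            // The override is still persisted on the instance, as before.
            this.service = configured;
        }
        GSSName expectedName = createHostName(serviceName, url);
        this.expected = expectedName;
        return matches(expectedName, AuthUtil.getIdentity(subject));
    }

    /**
     * Requires the subject's identity to equal the service name of the message's endpoint host.
     *
     * @param subject peer whose identity is extracted with {@code AuthUtil.getIdentity}
     * @param messageContext context from which the endpoint address URL is obtained
     * @throws AuthorizationException if the identity does not match, the peer is anonymous,
     *     or the expected name cannot be built
     */
    @Override // org.globus.wsrf.impl.security.authorization.Authorization
    public void authorize(Subject subject, MessageContext messageContext) throws AuthorizationException {
        GSSName expectedName = getName(messageContext);
        this.expected = expectedName;
        String identity = AuthUtil.getIdentity(subject);
        if (matches(expectedName, identity)) {
            return;
        }
        String failure = i18n.getMessage("hostAuthFail", new Object[]{expectedName, identity});
        logger.warn(failure);
        throw new AuthorizationException(failure);
    }

    /**
     * Compares a peer identity string with the expected host-based name.
     *
     * <p>The identity is turned into a {@link GSSName} with a {@code null} name type, so how
     * the two names compare is decided by the GSS provider behind {@code ExtendedGSSManager}.
     *
     * @param expectedName name the peer must present
     * @param identity peer identity, {@code null} for an anonymous peer
     * @return {@code true} when the names are equal
     * @throws AuthorizationException for an anonymous peer or a GSS failure
     */
    private boolean matches(GSSName expectedName, String identity) throws AuthorizationException {
        if (identity == null) {
            logger.debug(i18n.getMessage("anonPeer"));
            throw new AuthorizationException(i18n.getMessage("anonPeer"));
        }
        try {
            GSSName peer = ExtendedGSSManager.getInstance().createName(identity, (Oid) null);
            if (expectedName.equals(peer)) {
                return true;
            }
            logger.debug(i18n.getMessage("hostAuthFail", new Object[]{expectedName, identity}));
            return false;
        } catch (GSSException e) {
            throw new AuthorizationException(i18n.getMessage("authFail"), e);
        }
    }

    /**
     * Builds the expected name from the endpoint address of the message context.
     *
     * @param messageContext context passed to {@code AuthUtil.getEndpointAddressURL}
     * @return the host-based service name for that endpoint
     * @throws AuthorizationException if the address is malformed, missing, or has no host
     */
    @Override // org.globus.wsrf.impl.security.authorization.Authorization
    public GSSName getName(MessageContext messageContext) throws AuthorizationException {
        try {
            return getName(AuthUtil.getEndpointAddressURL(messageContext));
        } catch (MalformedURLException e) {
            throw new AuthorizationException(i18n.getMessage("authFail"), e);
        }
    }

    /**
     * Builds the expected name {@code service@host} for the given URL using this instance's
     * current service name.
     *
     * @param url target URL; only its host component is used
     * @return the host-based service name
     * @throws AuthorizationException if the URL is {@code null}, has no host, or the GSS name
     *     cannot be created
     */
    public GSSName getName(URL url) throws AuthorizationException {
        return createHostName(this.service, url);
    }

    /**
     * Creates the {@code NT_HOSTBASED_SERVICE} name {@code serviceName@host}.
     *
     * <p>A missing URL or an empty host is rejected up front: otherwise the caller would get a
     * {@code NullPointerException}, or a name with an empty host part would be handed to the
     * GSS provider.
     */
    private GSSName createHostName(String serviceName, URL url) throws AuthorizationException {
        if (url == null || url.getHost() == null || url.getHost().length() == 0) {
            // Same message the class already uses when no URL is configured.
            throw new AuthorizationException(i18n.getMessage("hostNull"));
        }
        String hostBased = new StringBuffer().append(serviceName).append("@").append(url.getHost()).toString();
        try {
            return ExtendedGSSManager.getInstance().createName(hostBased, GSSName.NT_HOSTBASED_SERVICE);
        } catch (GSSException e) {
            throw new AuthorizationException(i18n.getMessage("authFail"), e);
        }
    }

    /**
     * Compiler-generated helper for class literals: loads a class by name and reports a
     * missing class as {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() returns Throwable, so throwing its result directly does not compile
            // in a method without a throws clause; attach the cause, then throw the error.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        // Resolve this class once and reuse it for both the message bundle and the logger.
        Class self = class$org$globus$wsrf$impl$security$authorization$HostAuthorization;
        if (self == null) {
            self = class$("org.globus.wsrf.impl.security.authorization.HostAuthorization");
            class$org$globus$wsrf$impl$security$authorization$HostAuthorization = self;
        }
        i18n = I18n.getI18n("org.globus.wsrf.impl.security.authorization.errors", self.getClassLoader());
        logger = LogFactory.getLog(self.getName());
    }
}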
