package org.gcube.common.vomanagement.security.configuration;

import java.rmi.Remote;
import java.util.Collections;
import java.util.Map;
import java.util.Timer;
import java.util.WeakHashMap;
import org.apache.axis.MessageContext;
import org.apache.axis.client.Stub;
import org.gcube.common.core.contexts.GCUBEServiceContext;
import org.gcube.common.core.security.GCUBESecurityManager;
import org.gcube.common.core.security.GCUBEServiceSecurityManager;
import org.gcube.common.core.security.SecurityCredentials;
import org.gcube.common.core.security.context.SecurityContextFactory;
import org.gcube.common.core.utils.events.GCUBEEvent;
import org.gcube.common.vomanagement.security.authorisation.HandlersConstants;
import org.gcube.common.vomanagement.security.authorisation.core.impl.SAMLSecurityCredentials;
import org.gcube.common.vomanagement.security.authorisation.core.saml.SamlAssertionTask;
import org.globus.wsrf.impl.security.authentication.Constants;
import org.globus.wsrf.impl.security.authorization.HostAuthorization;
import org.opensaml.SAMLAssertion;

/* loaded from: input_file:org/gcube/common/vomanagement/security/configuration/GCUBESamlAssertionServiceSecurityManager.class */
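/**
 * Service security manager that authorises outgoing calls with SAML assertions.
 *
 * <p>Credentials are resolved per thread in this order (see {@link #getCredentials()}):
 * an assertion explicitly bound to the thread through {@code useCredentials}, then the
 * caller's assertion taken from the current Axis message context (only when
 * {@code propagateCallerCredentials} is set), then the service's own credentials, which
 * are replaced through {@link #setSAMLAssertion(SAMLAssertion)}.
 *
 * <p>A SAML assertion is a bearer credential: anything that can read it can present it.
 * It is therefore never written to the log in full; only its assertion ID is logged.
 */
public class GCUBESamlAssertionServiceSecurityManager extends GCUBEServiceSecurityConfigurationManager implements SAMLAssertionConsumer {
    // Assertion bound to each thread by useCredentials(). Keys are held weakly, so an entry
    // goes away once its thread is garbage collected.
    // NOTE(review): this class has no method that removes a binding. If the calling threads
    // come from a pool, an assertion bound while serving one request stays bound for whatever
    // the thread runs next - confirm how callers reset credentials between requests.
    protected Map<Thread, SAMLAssertion> callCredentials = Collections.synchronizedMap(new WeakHashMap<Thread, SAMLAssertion>());
    // Timer that runs the SamlAssertionTask created in initialiseCredentialTask().
    private Timer assertionRenewalTimer;

    /**
     * Compiler-generated lookup tables for the two enum switches in {@code setSecurity}
     * (decompiler rendering of the synthetic {@code $1} class). Each table maps an enum
     * ordinal to the case label used in the switch.
     */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$gcube$common$core$security$GCUBESecurityManager$DelegationMode;
        static final /* synthetic */ int[] $SwitchMap$org$gcube$common$core$security$GCUBESecurityManager$AuthMode = new int[GCUBESecurityManager.AuthMode.values().length];

        static {
            // Each assignment is guarded separately so that a constant missing at run time
            // (NoSuchFieldError) leaves only that one table slot at 0, i.e. "no case".
            try {
                $SwitchMap$org$gcube$common$core$security$GCUBESecurityManager$AuthMode[GCUBESecurityManager.AuthMode.INTEGRITY.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$gcube$common$core$security$GCUBESecurityManager$AuthMode[GCUBESecurityManager.AuthMode.PRIVACY.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$gcube$common$core$security$GCUBESecurityManager$AuthMode[GCUBESecurityManager.AuthMode.BOTH.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            $SwitchMap$org$gcube$common$core$security$GCUBESecurityManager$DelegationMode = new int[GCUBESecurityManager.DelegationMode.values().length];
            try {
                $SwitchMap$org$gcube$common$core$security$GCUBESecurityManager$DelegationMode[GCUBESecurityManager.DelegationMode.FULL.ordinal()] = 1;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$gcube$common$core$security$GCUBESecurityManager$DelegationMode[GCUBESecurityManager.DelegationMode.LIMITED.ordinal()] = 2;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /**
     * Stores the service context, starts credential handling and publishes a
     * {@code POLICYUPDATE} lifetime event.
     *
     * @param gCUBEServiceContext context of the service this manager protects
     * @throws Exception if the credential task cannot be initialised
     */
    @Override // org.gcube.common.vomanagement.security.configuration.GCUBEServiceSecurityConfigurationManager
    public void initialise(GCUBEServiceContext gCUBEServiceContext) throws Exception {
        this.logger.debug("Initialising...");
        this.context = gCUBEServiceContext;
        initialiseCredentialTask();
        this.producer.notify(GCUBEServiceSecurityManager.LifetimeTopic.POLICYUPDATE, new GCUBEEvent[]{new GCUBEServiceSecurityManager.LifetimeEvent()});
        this.logger.debug("Intialisation completed");
    }

    /**
     * Binds the given credentials to the current thread.
     *
     * @param securityCredentials credentials expected to wrap a {@link SAMLAssertion}
     * @throws Exception propagated from {@link #useCredentials(Thread, SecurityCredentials...)}
     */
    public void useCredentials(SecurityCredentials securityCredentials) throws Exception {
        useCredentials(Thread.currentThread(), securityCredentials);
    }

    /**
     * Binds a SAML assertion to {@code thread} for later calls made from that thread.
     *
     * <p>Does nothing when security is disabled. When no credentials are passed, the
     * credentials resolved by {@link #getCredentials()} for the <em>current</em> thread are
     * used. Only the first element of the array is considered. Missing credentials or
     * credentials that do not wrap a {@link SAMLAssertion} are rejected with an error log
     * and leave the existing binding of {@code thread} untouched.
     *
     * @param thread thread the assertion is bound to
     * @param securityCredentialsArr optional credentials; only index 0 is read
     * @throws Exception declared by the interface; not thrown for invalid credentials
     */
    public void useCredentials(Thread thread, SecurityCredentials... securityCredentialsArr) throws Exception {
        if (!isSecurityEnabled()) {
            return;
        }
        if (securityCredentialsArr == null) {
            this.logger.error("Invalid credentials: no credentials supplied");
            return;
        }
        // getCredentials() may return null when no caller or service credentials exist.
        SecurityCredentials credentials = securityCredentialsArr.length == 0 ? getCredentials() : securityCredentialsArr[0];
        if (credentials == null) {
            this.logger.error("Invalid credentials: no credentials available");
            return;
        }
        Object credentialObject = credentials.getCredentialsAsObject();
        if (!(credentialObject instanceof SAMLAssertion)) {
            // NOTE(review): a rejected credential keeps whatever assertion was bound to the
            // thread before, so later calls still go out under the previous identity.
            // Removing the binding instead would make getCredentials() fall back to caller or
            // service credentials; which of the two is intended should be decided explicitly.
            this.logger.error("Invalid credentials: expected SAML Assertion Credentials and found " + (credentialObject == null ? null : credentialObject.getClass()));
            return;
        }
        SAMLAssertion sAMLAssertion = (SAMLAssertion) credentialObject;
        // Only the assertion ID is logged, never the assertion itself.
        this.logger.debug("Using credentials of the assertion (" + sAMLAssertion.getAssertionID() + ") in thread " + thread.getName() + "(" + thread.getId() + ")");
        this.callCredentials.put(thread, sAMLAssertion);
    }

    /**
     * Resolves the credentials to use for the current thread.
     *
     * @return credentials wrapping the thread-bound assertion if one exists; otherwise the
     *     caller credentials when {@code propagateCallerCredentials} is set and they can be
     *     obtained; otherwise the service credentials; {@code null} when the service
     *     credentials cannot be obtained either
     */
    public SecurityCredentials getCredentials() {
        SAMLAssertion sAMLAssertion = this.callCredentials.get(Thread.currentThread());
        if (sAMLAssertion != null) {
            this.logger.debug("Credentials found for the current thread");
            return new SAMLSecurityCredentials(sAMLAssertion);
        }
        if (this.propagateCallerCredentials) {
            this.logger.debug("Credentials not set, using caller credentials");
            try {
                // NOTE(review): getCallerCredentials() wraps a null assertion instead of
                // throwing when the message context carries none, so in that case the
                // fall-through to service credentials below is not reached.
                return getCallerCredentials();
            } catch (Exception e) {
                this.logger.error("Unable to find caller credentials, probably the credentials are not available, disable the credential propagation in the service configuration", e);
                this.logger.error("Trying to use service credentials");
            }
        }
        this.logger.debug("Using service credentials");
        try {
            return getServiceCredentials();
        } catch (Exception e2) {
            this.logger.error("Unable to find service credentials", e2);
            this.logger.error("No authorization credentials will be used");
            return null;
        }
    }

    /**
     * Configures the security properties of an Axis stub before an outgoing call.
     *
     * <p>Does nothing when security is disabled. Otherwise sets the default GSI credentials,
     * attaches the SAML assertion resolved by {@link #getCredentials()} when there is one,
     * and sets the message protection level on either the secure-conversation or the
     * secure-transport property depending on {@code authMethod}. Delegation is configured
     * only for GSI secure conversation.
     *
     * @param remote stub to configure; must be an Axis {@link Stub}
     * @param authMode requested message protection
     * @param delegationMode requested delegation, read only for GSI secure conversation
     * @throws Exception if the security context or the stub cannot be configured
     */
    public void setSecurity(Remote remote, GCUBESecurityManager.AuthMode authMode, GCUBESecurityManager.DelegationMode delegationMode) throws Exception {
        String protectionProperty;
        this.logger.debug("setting security parameters for service " + this.context.getService().getServiceName());
        if (!isSecurityEnabled()) {
            this.logger.debug("Security not enabled, nothing to do");
            return;
        }
        Stub stub = (Stub) remote;
        stub._setProperty("org.globus.gsi.credentials", SecurityContextFactory.getInstance().getSecurityContext().getDefaultCredentials());
        SAMLSecurityCredentials sAMLSecurityCredentials = (SAMLSecurityCredentials) getCredentials();
        if (sAMLSecurityCredentials == null || sAMLSecurityCredentials.getAssertion() == null) {
            // The stub is still configured below and is left without an assertion property;
            // this method does not abort the call, it only records the error.
            this.logger.error("credentials or assertion not found");
        } else {
            this.logger.debug("setting SAML assertion");
            stub._setProperty(HandlersConstants.SAML_AUTHZ_ASSERTION, sAMLSecurityCredentials.getAssertion());
            this.logger.debug("SAML assertion set");
        }
        if (this.authMethod == GCUBESecurityManager.AuthMethod.GSI_CONV) {
            this.logger.debug("GSI Secure conversation");
            protectionProperty = "org.globus.security.secConv.msg.type";
            this.logger.debug("Setting delegation...");
            // Logs the delegation mode; the original logged authMode under this label.
            this.logger.debug("delegation " + delegationMode);
            switch (AnonymousClass1.$SwitchMap$org$gcube$common$core$security$GCUBESecurityManager$DelegationMode[delegationMode.ordinal()]) {
                case 1: // DelegationMode.FULL
                    stub._setProperty("org.globus.security.authorization", HostAuthorization.getInstance());
                    stub._setProperty("org.globus.gsi.mode", "gsifull");
                    break;
                case 2: // DelegationMode.LIMITED
                    stub._setProperty("org.globus.security.authorization", HostAuthorization.getInstance());
                    stub._setProperty("org.globus.gsi.mode", "gsilimited");
                    break;
            }
        } else {
            this.logger.debug("GSI Secure transport");
            protectionProperty = "org.globus.security.transport.type";
        }
        switch (AnonymousClass1.$SwitchMap$org$gcube$common$core$security$GCUBESecurityManager$AuthMode[authMode.ordinal()]) {
            case 1: // AuthMode.INTEGRITY
                stub._setProperty(protectionProperty, Constants.SIGNATURE);
                break;
            case 2: // AuthMode.PRIVACY
                stub._setProperty(protectionProperty, Constants.ENCRYPTION);
                break;
            case 3: // AuthMode.BOTH
                // NOTE(review): both calls write the same property key, so the value left on
                // the stub is presumably ENCRYPTION alone - confirm that this protection
                // level also covers integrity in the Globus version in use.
                stub._setProperty(protectionProperty, Constants.SIGNATURE);
                stub._setProperty(protectionProperty, Constants.ENCRYPTION);
                break;
        }
        this.logger.debug("Setting authentication GSI sec transport= " + authMode.name() + " on " + stub.getClass().getSimpleName());
    }

    /**
     * Wraps the assertion found in the current Axis message context.
     *
     * @return credentials wrapping the caller's assertion; the wrapped assertion is
     *     {@code null} when the message context carries none
     * @throws Exception if the message context cannot be read
     */
    public SecurityCredentials getCallerCredentials() throws Exception {
        return new SAMLSecurityCredentials(getCallerSAMLAssertion());
    }

    /**
     * Reports whether this manager needs service credentials.
     *
     * @return always {@code true}
     */
    public boolean needServiceCredentials() {
        return true;
    }

    /**
     * Reads the SAML assertion stored on the current Axis message context under
     * {@link HandlersConstants#SAML_AUTHZ_ASSERTION}.
     *
     * @return the assertion, or {@code null} when the property is not set
     */
    private SAMLAssertion getCallerSAMLAssertion() {
        this.logger.debug("getting caller SAML assertion...");
        SAMLAssertion sAMLAssertion = (SAMLAssertion) MessageContext.getCurrentContext().getProperty(HandlersConstants.SAML_AUTHZ_ASSERTION);
        if (sAMLAssertion == null) {
            this.logger.warn("The SAML Assertion is null!");
        } else {
            // Log the ID only: the serialised assertion is a bearer credential and must not
            // end up in log files, where it could be read and replayed.
            this.logger.debug("SAML assertion ID = " + sAMLAssertion.getAssertionID());
        }
        return sAMLAssertion;
    }

    /**
     * Replaces the service credentials and publishes a {@code CREDENTIALUPDATE} event.
     *
     * @param sAMLAssertion fresh assertion, or {@code null} to clear the service credentials
     */
    @Override // org.gcube.common.vomanagement.security.configuration.SAMLAssertionConsumer
    public synchronized void setSAMLAssertion(SAMLAssertion sAMLAssertion) {
        if (sAMLAssertion == null) {
            this.logger.trace("setting SAML credentials to null");
            this.serviceCredentials = null;
        } else {
            this.logger.trace("Adding fresh SAML assertion");
            this.serviceCredentials = new SAMLSecurityCredentials(sAMLAssertion);
        }
        this.producer.notify(GCUBEServiceSecurityManager.LifetimeTopic.CREDENTIALUPDATE, new GCUBEEvent[]{new GCUBEServiceSecurityManager.LifetimeEvent()});
    }

    /**
     * Clears the service credentials when security is disabled; otherwise schedules a
     * {@link SamlAssertionTask} that is handed this manager as its assertion consumer.
     *
     * @throws Exception if the task cannot be created or scheduled
     */
    private void initialiseCredentialTask() throws Exception {
        if (!isSecurityEnabled()) {
            this.logger.info("no credentials are needed for service " + this.context.getServiceClass() + ":" + this.context.getName());
            setSAMLAssertion(null);
        } else {
            this.logger.info("subscribing for credentials for service " + this.context.getServiceClass() + ":" + this.context.getName());
            SamlAssertionTask samlAssertionTask = new SamlAssertionTask(this.context.getService(), this);
            // NOTE(review): the timer is never cancelled in this class, and a second call to
            // initialise() would start another one - confirm the intended lifecycle.
            this.assertionRenewalTimer = new Timer(samlAssertionTask.getName());
            // First run immediately, then repeat at the period the task itself reports.
            this.assertionRenewalTimer.schedule(samlAssertionTask, 0L, samlAssertionTask.getTimerPeriod());
        }
    }
}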
