package org.gcube.common.vomanagement.security.configuration.test;

import java.rmi.Remote;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.WeakHashMap;
import javax.xml.soap.SOAPElement;
import org.apache.axis.MessageContext;
import org.apache.axis.client.Stub;
import org.apache.axis.message.SOAPEnvelope;
import org.apache.axis.message.SOAPHeaderElement;
import org.gcube.common.core.contexts.GCUBEServiceContext;
import org.gcube.common.core.security.GCUBEAuthzPolicy;
import org.gcube.common.core.security.GCUBESecurityManager;
import org.gcube.common.core.security.GCUBEServiceSecurityManager;
import org.gcube.common.core.security.SecurityCredentials;
import org.gcube.common.core.security.impl.GSSSecurityCredentials;
import org.gcube.common.core.utils.events.GCUBEEvent;
import org.gcube.common.core.utils.events.GCUBEProducer;
import org.gcube.common.core.utils.logging.GCUBELog;
import org.gcube.common.vomanagement.security.authorisation.HandlersConstants;
import org.gcube.common.vomanagement.security.authorisation.control.impl.policies.GCUBEPolicy;
import org.gcube.common.vomanagement.security.authorisation.core.impl.SAMLSecurityCredentials;
import org.gcube.common.vomanagement.security.authorisation.handlers.utils.SAMLAuthzAssertionTokenBuilder;
import org.gcube.common.vomanagement.security.authorisation.utils.AssertionGenerator;
import org.globus.wsrf.impl.security.authentication.Constants;
import org.ietf.jgss.GSSCredential;
import org.opensaml.SAMLAssertion;

/* loaded from: input_file:org/gcube/common/vomanagement/security/configuration/test/GCUBETestSamlAssertionServiceSecurityManager.class */
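/**
 * Service security manager that attaches a locally generated SAML authorisation
 * assertion to outgoing Axis stubs.
 *
 * <p>The assertion is built by {@link #setUserCredentials(String, String)} from a
 * user id and a role supplied by the caller; this class performs no validation of
 * either value. {@link #getPolicy()} always returns a
 * {@code GCUBEPolicy.GCUBENoPolicy}. Judging by the package and class name this is
 * a test fixture; nothing in this class restricts who may request which role, so
 * it should only be wired into test configurations.
 *
 * <p>Per-thread credentials are kept in a synchronized {@link WeakHashMap} keyed
 * by {@link Thread}.
 */
public class GCUBETestSamlAssertionServiceSecurityManager implements GCUBEServiceSecurityManager {
    /** Lifetime, in seconds, given to every assertion generated by this class. */
    private static final int ASSERTION_LIFETIME_SEC = 5000;
    /** Node name of the header element copied from the generated envelope onto the stub. */
    private static final String WSSE_SECURITY_HEADER = "wsse:Security";

    // Service context handed over in initialise(); only stored here.
    protected GCUBEServiceContext context;
    // Never assigned anywhere in this class, so getServiceCredentials() returns null.
    private SecurityCredentials serviceCredentials;
    // Assertion produced by setUserCredentials(); null until that method has been called.
    private SAMLAssertion assertion;
    // Credentials bound to a thread by useCredentials(); weak keys let entries go away with the thread.
    protected Map<Thread, GSSCredential> callCredentials = Collections.synchronizedMap(new WeakHashMap<>());
    private GCUBEProducer<GCUBEServiceSecurityManager.LifetimeTopic, Object> producer = new GCUBEProducer<>();
    protected GCUBELog logger = new GCUBELog(this);
    // NOTE(review): propagateCallerCredentials(boolean) is a no-op, so this flag is always true.
    private boolean propagateCallerCredentials = true;
    private boolean securityEnabled = true;

    /**
     * Tells whether this manager applies security settings.
     *
     * @return {@code true} unless disabled through {@link #setSecurityEnabled(boolean)}
     */
    public boolean isSecurityEnabled() {
        return this.securityEnabled;
    }

    /**
     * Switches security handling on or off. When off, {@link #setSecurity} and
     * {@link #useCredentials(Thread, SecurityCredentials...)} do nothing.
     *
     * @param z {@code true} to enable security handling
     */
    public void setSecurityEnabled(boolean z) {
        this.securityEnabled = z;
    }

    /**
     * Binds the given credentials to the current thread.
     *
     * @param securityCredentials credentials to bind
     * @throws Exception if the credentials cannot be bound
     */
    public void useCredentials(SecurityCredentials securityCredentials) throws Exception {
        useCredentials(Thread.currentThread(), securityCredentials);
    }

    /**
     * Binds the first of the given credentials to {@code thread}; with no credentials
     * supplied, falls back to {@link #getCredentials()}. Does nothing when security is
     * disabled.
     *
     * @param thread thread the credentials are bound to
     * @param securityCredentialsArr credentials to use; only the first element is read
     * @throws IllegalStateException if no credentials are available to bind
     * @throws Exception if the credentials cannot be read
     */
    public void useCredentials(Thread thread, SecurityCredentials... securityCredentialsArr) throws Exception {
        if (!isSecurityEnabled()) {
            return;
        }
        SecurityCredentials selected =
                securityCredentialsArr.length == 0 ? getCredentials() : securityCredentialsArr[0];
        if (selected == null) {
            // getCredentials() returns null on lookup failure; fail with a clear message
            // instead of a bare NullPointerException on the dereference below.
            throw new IllegalStateException("No credentials available to bind to thread " + thread.getName());
        }
        // NOTE(review): the fallback may yield SAMLSecurityCredentials (see getCallerCredentials());
        // whether its credentials object is a GSSCredential is not visible here - confirm.
        GSSCredential gssCredential = (GSSCredential) selected.getCredentialsAsObject();
        this.logger.debug("Using credentials of the assertion (" + gssCredential.getName() + ") in thread " + thread.getName() + "(" + thread.getId() + ")");
        this.callCredentials.put(thread, gssCredential);
    }

    /**
     * Returns the credentials for the current thread: those bound with
     * {@code useCredentials} if any, otherwise the caller's credentials (or the
     * service credentials when caller propagation is off).
     *
     * @return the credentials, or {@code null} if the fallback lookup threw
     */
    public SecurityCredentials getCredentials() {
        GSSCredential bound = this.callCredentials.get(Thread.currentThread());
        if (bound != null) {
            this.logger.debug("Credentials found for the current thread");
            return new GSSSecurityCredentials(bound);
        }
        if (this.propagateCallerCredentials) {
            this.logger.debug("Credentials not set, using caller credentials");
            try {
                return getCallerCredentials();
            } catch (Exception e) {
                // Deliberate best effort: the failure is logged and reported as null.
                this.logger.error("Unable to find caller credentials", e);
                return null;
            }
        }
        this.logger.debug("Credentials not set, using service credentials");
        try {
            return getServiceCredentials();
        } catch (Exception e) {
            this.logger.error("Unable to find service credentials", e);
            return null;
        }
    }

    /**
     * Generates a SAML assertion for the given user and role and keeps it for later
     * calls to {@link #setSecurity}. Both values are passed to the generator as given.
     *
     * @param str user id placed in the assertion
     * @param str2 role added to the assertion
     * @throws Exception if the assertion cannot be generated
     */
    public void setUserCredentials(String str, String str2) throws Exception {
        AssertionGenerator generator = new AssertionGenerator();
        generator.setLifetimeSec(ASSERTION_LIFETIME_SEC);
        generator.setUserId(str);
        generator.addRole(str2);
        this.assertion = generator.generate();
    }

    /**
     * Configures an Axis stub with the current credentials and the stored SAML
     * assertion. Does nothing when security is disabled.
     *
     * @param remote the stub to configure; must be an Axis {@link Stub}
     * @param authMode only used in the debug message
     * @param delegationMode not used
     * @throws IllegalStateException if no credentials are available
     * @throws Exception if the security header cannot be built or set
     */
    public void setSecurity(Remote remote, GCUBESecurityManager.AuthMode authMode, GCUBESecurityManager.DelegationMode delegationMode) throws Exception {
        if (!isSecurityEnabled()) {
            return;
        }
        this.logger.debug("setting security parameters");
        Stub stub = (Stub) remote;
        SecurityCredentials credentials = getCredentials();
        if (credentials == null) {
            // getCredentials() signals lookup failure with null; report it explicitly
            // rather than letting the dereference below raise a NullPointerException.
            throw new IllegalStateException("No credentials available to configure the stub");
        }
        stub._setProperty("org.globus.gsi.credentials", credentials.getCredentialsAsObject());
        // NOTE(review): this.assertion is null unless setUserCredentials() ran first;
        // how the token builder handles a null assertion is not visible here - confirm.
        Iterator<?> headers = new SAMLAuthzAssertionTokenBuilder(this.assertion).buildMessage(new SOAPEnvelope()).getSOAPHeader().getChildElements();
        // Copy only the first wsse:Security header of the freshly built envelope onto the stub.
        while (headers.hasNext()) {
            SOAPHeaderElement header = (SOAPHeaderElement) headers.next();
            if (WSSE_SECURITY_HEADER.equals(header.getNodeName())) {
                stub.setHeader(header);
                break;
            }
        }
        // NOTE(review): both calls write the same property key, so the second value
        // (ENCRYPTION) is the one the stub ends up with; the SIGNATURE value is replaced.
        // Confirm which protection level was intended.
        stub._setProperty("org.globus.security.transport.type", Constants.SIGNATURE);
        stub._setProperty("org.globus.security.transport.type", Constants.ENCRYPTION);
        this.logger.debug("Setting authentication GSI sec transport= " + authMode.name() + " on " + stub.getClass().getSimpleName());
    }

    /**
     * Stores the service context and notifies subscribers of a policy update.
     *
     * @param gCUBEServiceContext the context of the service this manager belongs to
     * @throws Exception if the notification fails
     */
    public void initialise(GCUBEServiceContext gCUBEServiceContext) throws Exception {
        this.logger.debug("Initialising...");
        this.context = gCUBEServiceContext;
        this.producer.notify(GCUBEServiceSecurityManager.LifetimeTopic.POLICYUPDATE, new GCUBEEvent[]{new GCUBEServiceSecurityManager.LifetimeEvent()});
        this.logger.debug("Intialisation completed");
    }

    /**
     * Subscribes a consumer to the given lifetime topics, or to all topics when none
     * are given.
     *
     * @param lifetimeConsumer the consumer to register
     * @param lifetimeTopicArr topics of interest; {@code null} or empty means all topics
     */
    public void subscribe(GCUBEServiceSecurityManager.LifetimeConsumer lifetimeConsumer, GCUBEServiceSecurityManager.LifetimeTopic... lifetimeTopicArr) {
        this.producer.subscribe(lifetimeConsumer, topicsOrAll(lifetimeTopicArr));
    }

    /**
     * Unsubscribes a consumer from the given lifetime topics, or from all topics when
     * none are given.
     *
     * @param lifetimeConsumer the consumer to remove
     * @param lifetimeTopicArr topics to drop; {@code null} or empty means all topics
     */
    public void unsubscribe(GCUBEServiceSecurityManager.LifetimeConsumer lifetimeConsumer, GCUBEServiceSecurityManager.LifetimeTopic... lifetimeTopicArr) {
        this.producer.unsubscribe(lifetimeConsumer, topicsOrAll(lifetimeTopicArr));
    }

    /** Returns {@code topics}, or every topic when {@code topics} is null or empty. */
    private static GCUBEServiceSecurityManager.LifetimeTopic[] topicsOrAll(GCUBEServiceSecurityManager.LifetimeTopic[] topics) {
        // Short-circuit || is required: a non-short-circuit | would still evaluate
        // topics.length when topics is null and throw instead of selecting all topics.
        return (topics == null || topics.length == 0) ? GCUBEServiceSecurityManager.LifetimeTopic.values() : topics;
    }

    /**
     * Returns the service credentials field, which this class never assigns.
     *
     * @return the stored service credentials, {@code null} as far as this class is concerned
     * @throws Exception never thrown by this implementation
     */
    public SecurityCredentials getServiceCredentials() throws Exception {
        return this.serviceCredentials;
    }

    /**
     * Wraps the SAML assertion of the current Axis message context as credentials.
     *
     * @return credentials built around the caller's assertion, which may be {@code null}
     * @throws Exception if the assertion cannot be read
     */
    public SecurityCredentials getCallerCredentials() throws Exception {
        return new SAMLSecurityCredentials(getCallerSAMLAssertion());
    }

    /**
     * Returns a new {@code GCUBEPolicy.GCUBENoPolicy} on every call.
     * NOTE(review): by its name this presumably means no authorisation policy is
     * enforced - confirm against GCUBEPolicy.
     *
     * @return the policy object
     */
    public GCUBEAuthzPolicy getPolicy() {
        return new GCUBEPolicy.GCUBENoPolicy();
    }

    /**
     * @return always {@code true}
     */
    public boolean needServiceCredentials() {
        return true;
    }

    /**
     * Reads the SAML authorisation assertion from the current Axis message context.
     *
     * @return the assertion, or {@code null} if the context holds none
     */
    private SAMLAssertion getCallerSAMLAssertion() {
        this.logger.debug("getting caller SAML assertion...");
        // NOTE(review): getCurrentContext() is dereferenced without a null check;
        // presumably this is only reached while a request is being processed - confirm.
        SAMLAssertion callerAssertion = (SAMLAssertion) MessageContext.getCurrentContext().getProperty(HandlersConstants.SAML_AUTHZ_ASSERTION);
        if (callerAssertion == null) {
            this.logger.warn("The SAML Assertion is null!");
        } else {
            // NOTE(review): this writes the assertion's string form to the debug log; if that
            // is the full serialized assertion, anyone with log access can read it.
            // Consider logging an identifier only.
            this.logger.debug("SAML assertion = " + callerAssertion.toString());
        }
        return callerAssertion;
    }

    /**
     * Unsupported in this manager: the credential is ignored and an error is logged.
     *
     * @param gSSCredential ignored
     * @throws Exception never thrown by this implementation
     */
    @Deprecated
    public void useCredentials(GSSCredential gSSCredential) throws Exception {
        this.logger.error("Invalid credentials set");
    }

    /**
     * No-op: the argument is ignored and caller-credential propagation stays enabled.
     *
     * @param z ignored
     */
    public void propagateCallerCredentials(boolean z) {
    }

    /**
     * Manual check: generates an assertion for a fixed sample user and role, builds the
     * SOAP message around it and prints the node name and class of each header child.
     *
     * @param strArr unused
     * @throws Exception if the assertion or the message cannot be built
     */
    public static void main(String[] strArr) throws Exception {
        AssertionGenerator generator = new AssertionGenerator();
        generator.setLifetimeSec(ASSERTION_LIFETIME_SEC);
        generator.setUserId("ciro");
        generator.addRole("admin");
        SAMLAssertion sample = generator.generate();
        Iterator<?> headers = new SAMLAuthzAssertionTokenBuilder(sample).buildMessage(new SOAPEnvelope()).getSOAPHeader().getChildElements();
        while (headers.hasNext()) {
            SOAPElement element = (SOAPElement) headers.next();
            System.out.println(element.getNodeName());
            System.out.println(element.getClass());
        }
    }

    /**
     * No-op: the authentication method is ignored.
     *
     * @param authMethod ignored
     */
    public void setAuthMethod(GCUBESecurityManager.AuthMethod authMethod) {
    }
}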
