package org.gcube.common.vomanagement.security.authorisation.control.impl;

import java.security.Principal;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.axis.MessageContext;
import org.gcube.common.core.contexts.GCUBEServiceContext;
import org.gcube.common.core.faults.GCUBEException;
import org.gcube.common.core.faults.GCUBEUnrecoverableException;
import org.gcube.common.core.security.GCUBEServiceAuthorizationController;
import org.gcube.common.core.security.GCUBEServiceSecurityManager;
import org.gcube.common.core.security.context.SecurityContextFactory;
import org.gcube.common.core.utils.logging.GCUBELog;
import org.globus.gsi.gssapi.auth.AuthorizationException;
import org.ietf.jgss.GSSException;

/* loaded from: input_file:org/gcube/common/vomanagement/security/authorisation/control/impl/EqualDNAuthorizationController.class */
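/**
 * Authorization controller that accepts a call only when one of the caller's principals carries
 * exactly the same distinguished name (DN) as the default credentials of the local security
 * context.
 *
 * <p>Every failure to establish that equality ends in an exception, so a call is never let
 * through merely because the comparison could not be carried out.
 */
public class EqualDNAuthorizationController implements GCUBEServiceAuthorizationController {
    // Set by initialise(); isSecurityEnabled() and authoriseCall() dereference it, so they
    // throw a NullPointerException if invoked before initialise().
    private GCUBEServiceSecurityManager securityManager;
    private final GCUBELog logger = new GCUBELog(this);

    /**
     * Stores the security manager that decides whether security is enabled.
     *
     * @param gCUBEServiceContext the service context (not used by this controller)
     * @param gCUBEServiceSecurityManager the security manager consulted by {@link #isSecurityEnabled()}
     * @throws Exception declared by the method signature; this implementation throws none itself
     */
    public void initialise(GCUBEServiceContext gCUBEServiceContext, GCUBEServiceSecurityManager gCUBEServiceSecurityManager) throws Exception {
        this.securityManager = gCUBEServiceSecurityManager;
    }

    /**
     * Reports whether security is enabled, as answered by the configured security manager.
     *
     * @return {@code true} when the security manager reports security as enabled
     */
    public boolean isSecurityEnabled() {
        return this.securityManager.isSecurityEnabled();
    }

    /**
     * Authorizes an incoming call by comparing the caller's principals with the local DN.
     *
     * <p>When security is disabled the method returns without performing any check.
     *
     * @param map call parameters; must hold the Axis message context under {@code "MESSAGE_CONTEXT"}
     * @throws GCUBEException if the message context, the calling subject or its principals are
     *     missing, if the local DN cannot be read, or if no principal matches the local DN
     */
    public void authoriseCall(Map<String, Object> map) throws GCUBEException {
        this.logger.debug("External request authorization process");
        if (!isSecurityEnabled()) {
            this.logger.debug("Security not enabled, nothing to do");
            return;
        }
        MessageContext messageContext = (MessageContext) map.get("MESSAGE_CONTEXT");
        if (messageContext == null) {
            this.logger.error("Unable to find message context");
            throw new GCUBEUnrecoverableException("Unable to find message context");
        }
        Subject subject = (Subject) messageContext.getProperty("callerSubject");
        if (subject == null) {
            this.logger.error("Unable to find calling subject");
            throw new GCUBEUnrecoverableException("Unable to find calling subject");
        }
        Set<Principal> principals = subject.getPrincipals();
        if (principals == null) {
            this.logger.error("Unable to find subject identity");
            throw new GCUBEUnrecoverableException("Unable to find subject identity");
        }
        // Log the principals only: Subject.toString() also renders the subject's credentials,
        // which do not belong in a debug log.
        this.logger.debug("External calling subject " + principals);
        String localDN;
        try {
            localDN = SecurityContextFactory.getInstance().getSecurityContext().getDefaultCredentials().getName().toString();
        } catch (GSSException e) {
            // Fail closed: without the local DN no comparison took place, so the call must be
            // rejected instead of being allowed to proceed after the error is logged.
            this.logger.error("Unable to control the dns", e);
            throw new GCUBEUnrecoverableException(e);
        }
        if (!checkDN(principals, localDN)) {
            // Record the denial so rejected calls are visible to whoever reviews the logs.
            this.logger.error("Authorization failed: no caller principal matches the local DN");
            throw new GCUBEUnrecoverableException(new AuthorizationException("Authorization failed"));
        }
    }

    /**
     * Checks whether any principal in the set is named exactly like the given DN.
     *
     * @param set the caller's principals
     * @param str the DN to look for; surrounding whitespace is trimmed before comparing
     * @return {@code true} if at least one principal name equals the trimmed DN
     */
    private boolean checkDN(Set<Principal> set, String str) {
        this.logger.debug("Comparing the DN with " + str);
        String expected = str.trim();
        boolean found = false;
        for (Principal principal : set) {
            String name = principal.getName();
            this.logger.debug("Comparing with " + name);
            // Called on the expected value so that a principal without a name is a mismatch
            // rather than a NullPointerException.
            if (expected.equals(name)) {
                found = true;
                break;
            }
        }
        this.logger.debug("Found " + found);
        return found;
    }
}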
