package org.gcube.security.soa3.connector.integration.server;

import java.rmi.Remote;
import java.util.Collections;
import java.util.Map;
import java.util.WeakHashMap;
import org.apache.axis.MessageContext;
import org.apache.axis.client.Stub;
import org.gcube.common.core.contexts.GCUBEServiceContext;
import org.gcube.common.core.security.GCUBESecurityManager;
import org.gcube.common.core.security.SecurityCredentials;
import org.gcube.common.core.security.context.SecurityContextFactory;
import org.gcube.common.core.utils.logging.GCUBELog;
import org.gcube.security.soa3.configuration.ConfigurationManager;
import org.gcube.security.soa3.connector.integration.TokenCredentials;
import org.gcube.security.soa3.connector.integration.utils.Utils;
import org.gcube.soa3.connector.common.security.CredentialManager;
import org.gcube.soa3.connector.common.security.Credentials;
import org.globus.wsrf.impl.security.authentication.Constants;
import org.ietf.jgss.GSSCredential;
import org.w3c.dom.Element;

/* loaded from: input_file:org/gcube/security/soa3/connector/integration/server/SOA3IntegrationServiceCredentialInserter.class */
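/**
 * Service-side security manager that attaches a security token to outgoing Axis stubs.
 *
 * <p>Credentials for an outgoing call are looked up in this order (see {@link #getCredentials()}):
 * the token explicitly bound to the current thread, then the token of the incoming caller (when
 * propagation is enabled), then the service's own credentials.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>Tokens are bearer secrets. This class logs that a token is in use but never its value.</li>
 *   <li>Bindings in {@link #callCredentials} are keyed by {@link Thread} and no method of this class
 *       removes them. If threads are pooled and reused across requests, a binding made for one
 *       request may still be visible to a later one; callers should rebind per request
 *       (TODO confirm how the container manages threads).</li>
 *   <li>When caller credentials cannot be obtained, the lookup silently falls back to the service
 *       credentials, so the outgoing call is made under the service identity instead of the
 *       caller's. Confirm that downstream authorization expects this.</li>
 * </ul>
 */
public class SOA3IntegrationServiceCredentialInserter extends GCUBEServiceSecurityConfigurationManager {
    /** Stub property that carries the default credentials taken from the security context. */
    private static final String GSI_CREDENTIALS_PROPERTY = "org.globus.gsi.credentials";

    /** Stub property that selects the transport protection type. */
    private static final String TRANSPORT_TYPE_PROPERTY = "org.globus.security.transport.type";

    private boolean isSecurityEnabled;
    private GCUBEServiceContext context;

    /** Token element bound to each thread; weak keys let entries go once the thread is unreachable. */
    protected Map<Thread, Element> callCredentials = Collections.synchronizedMap(new WeakHashMap<Thread, Element>());

    private final GCUBELog log = new GCUBELog(this);
    private boolean propagateCallerCredentials = true;

    /**
     * Reports whether security is enabled for the service, as read from the configuration in
     * {@link #initialise(GCUBEServiceContext)}.
     *
     * @return {@code true} if security is enabled; {@code false} before initialisation
     */
    public boolean isSecurityEnabled() {
        return this.isSecurityEnabled;
    }

    /**
     * Intentionally does nothing: this implementation stores token credentials only and ignores
     * GSS credentials.
     *
     * @param gSSCredential ignored
     */
    @Override
    public void useCredentials(GSSCredential gSSCredential) throws Exception {
    }

    /**
     * Binds the given credentials to the current thread.
     *
     * @param securityCredentials credentials to bind
     * @throws Exception if the credentials cannot be read
     */
    public void useCredentials(SecurityCredentials securityCredentials) throws Exception {
        useCredentials(Thread.currentThread(), securityCredentials);
    }

    /**
     * Binds credentials to {@code thread}. Only the first element of the varargs is used; when none
     * is supplied, the result of {@link #getCredentials()} is used instead. Nothing happens when
     * security is disabled.
     *
     * <p>Credentials whose underlying object is not an {@link Element} are rejected with an error
     * log and no binding is made. When no credentials are available at all, an error is logged and
     * no binding is made (previously this case failed with a {@link NullPointerException}).
     *
     * @param thread thread the credentials are bound to
     * @param securityCredentialsArr optional credentials; only index 0 is read
     * @throws Exception if the credentials cannot be read
     */
    public void useCredentials(Thread thread, SecurityCredentials... securityCredentialsArr) throws Exception {
        if (!isSecurityEnabled()) {
            return;
        }
        SecurityCredentials credentials;
        if (securityCredentialsArr == null || securityCredentialsArr.length == 0) {
            credentials = getCredentials();
        } else {
            credentials = securityCredentialsArr[0];
        }
        // getCredentials() returns null when neither caller nor service credentials are available.
        if (credentials == null) {
            this.log.error("No credentials available for thread " + thread.getName() + "(" + thread.getId() + "), nothing stored");
            return;
        }
        Object raw = credentials.getCredentialsAsObject();
        if (raw != null && !(raw instanceof Element)) {
            this.log.error("Invalid credentials: expected Token Credentials and found " + raw.getClass());
            return;
        }
        // The token value is deliberately kept out of the log: anyone able to read the log could
        // otherwise replay it.
        this.log.debug("Using token credentials in thread " + thread.getName() + "(" + thread.getId() + ")");
        this.callCredentials.put(thread, (Element) raw);
    }

    /**
     * Resolves the credentials to use for a call made from the current thread.
     *
     * <p>Order: token bound to the current thread; caller credentials, if propagation is enabled and
     * they can be obtained; service credentials. Failures at each step are logged and the next step
     * is tried.
     *
     * @return the resolved credentials, or {@code null} when none could be obtained
     */
    public SecurityCredentials getCredentials() {
        Element bound = this.callCredentials.get(Thread.currentThread());
        if (bound != null) {
            this.log.debug("Credentials found for the current thread");
            return new TokenCredentials(bound);
        }
        if (this.propagateCallerCredentials) {
            this.log.debug("Credentials not set, using caller credentials");
            try {
                return getCallerCredentials();
            } catch (Exception e) {
                this.log.error("Unable to find caller credentials, probably the credentials are not available, disable the credential propagation in the service configuration", e);
                this.log.error("Trying to use service credentials");
            }
        }
        this.log.debug("Using service credentials");
        try {
            return getServiceCredentials();
        } catch (Exception e2) {
            this.log.error("Unable to find service credentials", e2);
            this.log.error("No authorization credentials will be used");
            return null;
        }
    }

    /**
     * Configures an outgoing stub: sets the default credentials from the security context, adds the
     * token as a SOAP header when one is available, and selects the transport protection type from
     * {@code authMode}.
     *
     * <p>When no usable token is found, an error is logged and the stub is still configured, so the
     * call goes out without the token header.
     *
     * @param remote stub to configure; must be an Axis {@link Stub}
     * @param authMode requested protection mode
     * @param delegationMode not read by this implementation
     * @throws Exception if the stub or the credentials cannot be prepared
     */
    public void setSecurity(Remote remote, GCUBESecurityManager.AuthMode authMode, GCUBESecurityManager.DelegationMode delegationMode) throws Exception {
        this.log.debug("setting security parameters for service " + this.context.getService().getServiceName());
        if (!isSecurityEnabled()) {
            this.log.debug("Security not enabled, nothing to do");
            return;
        }
        Stub stub = (Stub) remote;
        stub._setProperty(GSI_CREDENTIALS_PROPERTY, SecurityContextFactory.getInstance().getSecurityContext().getDefaultCredentials());
        TokenCredentials tokenCredentials = (TokenCredentials) getCredentials();
        if (tokenCredentials == null || tokenCredentials.getType() == null || tokenCredentials.getValue() == null) {
            this.log.error("credentials or token not found");
        } else {
            this.log.debug("setting Security Token");
            stub.setHeader(Utils.generateSoapHeaderBinaryTokenElement(tokenCredentials.getType(), tokenCredentials.getValue()));
            this.log.debug("SAML assertion set");
        }
        // Switch on the enum itself instead of a hand-built ordinal table.
        switch (authMode) {
            case INTEGRITY:
                stub._setProperty(TRANSPORT_TYPE_PROPERTY, Constants.SIGNATURE);
                break;
            case PRIVACY:
                stub._setProperty(TRANSPORT_TYPE_PROPERTY, Constants.ENCRYPTION);
                break;
            case BOTH:
                // NOTE(review): both values are written to the same property, so the second
                // presumably replaces the first and the effective setting is ENCRYPTION. Confirm
                // that encryption also covers integrity for this transport.
                stub._setProperty(TRANSPORT_TYPE_PROPERTY, Constants.SIGNATURE);
                stub._setProperty(TRANSPORT_TYPE_PROPERTY, Constants.ENCRYPTION);
                break;
            default:
                // Any other mode leaves the transport type untouched.
                break;
        }
        this.log.debug("Setting authentication GSI sec transport= " + authMode.name() + " on " + stub.getClass().getSimpleName());
    }

    /**
     * Stores the service context and reads the security settings for the service from the
     * configuration, registering the service properties first if they are not set yet.
     *
     * @param gCUBEServiceContext context of the service being initialised
     * @throws Exception if the configuration cannot be read
     */
    @Override
    public void initialise(GCUBEServiceContext gCUBEServiceContext) throws Exception {
        this.context = gCUBEServiceContext;
        String name = gCUBEServiceContext.getName();
        this.log.debug("Service name " + name);
        ConfigurationManager configuration = ConfigurationManager.getInstance();
        if (!configuration.servicePropertiesSet(name)) {
            Utils.setServiceProperties(gCUBEServiceContext, name);
        }
        this.isSecurityEnabled = ConfigurationManager.getInstance().isSecurityEnabled(gCUBEServiceContext.getName());
        propagateCallerCredentials(ConfigurationManager.getInstance().getCredentialPropagationPolicy(name));
        this.log.debug("Init completed");
    }

    /**
     * Builds token credentials from the credentials held by the {@link CredentialManager}.
     *
     * @return the service's own credentials
     * @throws Exception if the credentials are unavailable
     */
    @Override
    public SecurityCredentials getServiceCredentials() throws Exception {
        Credentials credentials = CredentialManager.instance.get();
        return new TokenCredentials(credentials.getAuthenticationType(), credentials.getHeaderString());
    }

    /**
     * Returns the token of the incoming caller, taken from the current message context.
     *
     * @return the caller credentials, or {@code null} when the request carries no token
     * @throws Exception if the message context cannot be read
     */
    public SecurityCredentials getCallerCredentials() throws Exception {
        return getCallerToken();
    }

    /**
     * Always {@code true}: this implementation requires service credentials.
     *
     * @return {@code true}
     */
    public boolean needServiceCredentials() {
        return true;
    }

    /**
     * Enables or disables use of the caller's token for outgoing calls.
     *
     * @param z {@code true} to propagate caller credentials
     */
    @Override
    public void propagateCallerCredentials(boolean z) {
        this.propagateCallerCredentials = z;
    }

    /**
     * Reads the security token element stored on the current Axis message context.
     *
     * <p>Any runtime failure here (for example a missing message context) propagates to the caller;
     * {@link #getCredentials()} catches it and falls back to the service credentials.
     *
     * @return the caller token, or {@code null} when the context holds none
     */
    private TokenCredentials getCallerToken() {
        this.log.debug("getting caller Security Token...");
        Element element = (Element) MessageContext.getCurrentContext().getProperty(Utils.SECURITY_TOKEN);
        if (element == null) {
            this.log.warn("The Token is null!");
            return null;
        }
        TokenCredentials tokenCredentials = new TokenCredentials(element);
        try {
            // Serialise once to detect a malformed token, but keep the value itself out of the log.
            tokenCredentials.getCredentialsAsString();
            this.log.debug("Token found");
        } catch (Exception e) {
            this.log.error("Invalid token ", e);
        }
        return tokenCredentials;
    }
}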
