package xsul.invoker.capability;

import java.security.cert.X509Certificate;
import org.globus.gsi.GlobusCredential;
import org.globus.gsi.GlobusCredentialException;
import org.globus.gsi.TrustedCertificates;
import org.xmlpull.v1.builder.XmlDocument;
import xsul.MLogger;
import xsul.dsig.saml.CapGlobusCredSOAPEnvelopeSigner;
import xsul.dsig.saml.CapGlobusCredSOAPEnvelopeVerifier;
import xsul.dsig.saml.authorization.Capability;
import xsul.dsig.saml.authorization.CapabilityEnforcer;
import xsul.dsig.saml.authorization.CapabilityException;
import xsul.dsig.saml.authorization.CapabilityUtil;
import xsul.invoker.DynamicInfosetInvokerException;
import xsul.invoker.soap_over_http.SoapHttpDynamicInfosetInvoker;

/* loaded from: input_file:WEB-INF/lib/xsul-2.10.5_b.jar:xsul/invoker/capability/CapabilityInvoker.class */
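/**
 * SOAP-over-HTTP invoker that attaches a capability token to every outgoing
 * message and, unless SSL mode is enabled, signs the request and verifies the
 * response with a Globus credential.
 *
 * <p>Security note: with {@code sslEnabled == true} this class performs no
 * message-level signing and no verification of the response. Authenticity and
 * integrity of the exchange then rest entirely on the transport set up by the
 * superclass, which is not visible in this file.
 */
public class CapabilityInvoker extends SoapHttpDynamicInfosetInvoker {
    private static final MLogger logger = MLogger.getLogger();

    // Credential used to derive the subject and to sign/verify messages.
    // May be null if the default credential could not be loaded.
    protected GlobusCredential cred;

    // Trust anchors handed to the response verifier. Stored by reference, so
    // later changes to the caller's array are visible here.
    protected X509Certificate[] trustedCerts;

    // Capability passed to the enforcer; left null by the single-argument constructor.
    protected Capability cap;

    // When true, message-level signing and response verification are skipped.
    protected boolean sslEnabled;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates an invoker that uses the default Globus credential and the
     * default trusted certificates.
     *
     * <p>If the defaults cannot be loaded the failure is logged and the
     * affected fields stay null; {@link #invokeXml(XmlDocument)} then refuses
     * to run until a credential has been set. No capability is set here.
     *
     * @param str value forwarded unchanged to the superclass constructor
     */
    public CapabilityInvoker(String str) {
        super(str);
        this.sslEnabled = false;
        try {
            this.cred = GlobusCredential.getDefaultCredential();
            this.trustedCerts = TrustedCertificates.getDefaultTrustedCertificates().getCertificates();
        } catch (GlobusCredentialException e) {
            // Keep the original best-effort behaviour (no throw from the
            // constructor) but record why loading failed.
            logger.warning("no default credential or trustedcerts: " + e.getMessage());
        }
    }

    /**
     * Creates an invoker with message-level signing enabled (SSL mode off).
     *
     * @param globusCredential credential used for the subject and for signing/verifying
     * @param x509CertificateArr trusted certificates used to verify responses
     * @param capability capability to attach to outgoing messages
     * @param str value forwarded unchanged to the superclass constructor
     */
    public CapabilityInvoker(GlobusCredential globusCredential, X509Certificate[] x509CertificateArr, Capability capability, String str) {
        this(globusCredential, x509CertificateArr, capability, str, false);
    }

    /**
     * Creates an invoker with an explicit SSL mode.
     *
     * @param globusCredential credential used for the subject and for signing/verifying
     * @param x509CertificateArr trusted certificates used to verify responses
     * @param capability capability to attach to outgoing messages
     * @param str value forwarded unchanged to the superclass constructor
     * @param z {@code true} to skip message-level signing and response verification
     */
    public CapabilityInvoker(GlobusCredential globusCredential, X509Certificate[] x509CertificateArr, Capability capability, String str, boolean z) {
        super(str);
        this.cred = globusCredential;
        this.trustedCerts = x509CertificateArr;
        this.cap = capability;
        this.sslEnabled = z;
    }

    /**
     * Adds the capability token to the request and sends it.
     *
     * <p>In non-SSL mode the request is signed with the credential and the
     * response is verified against the trusted certificates before it is
     * returned. In SSL mode the request is sent unsigned and the response is
     * returned without verification.
     *
     * @param xmlDocument request document
     * @return the response document from the superclass invocation
     * @throws DynamicInfosetInvokerException if no credential is available or
     *     the capability token cannot be added
     */
    @Override // xsul.invoker.http.HttpDynamicInfosetInvoker, xsul.invoker.DynamicInfosetInvoker
    public XmlDocument invokeXml(XmlDocument xmlDocument) throws DynamicInfosetInvokerException {
        // The single-argument constructor can leave cred null; fail with a
        // descriptive, declared exception instead of a NullPointerException.
        if (this.cred == null) {
            throw new DynamicInfosetInvokerException(
                    "could not add capability token",
                    new IllegalStateException("no credential available for capability invocation"));
        }
        try {
            String subject = CapabilityUtil.canonicalizeSubject(this.cred.getSubject());
            logger.finest("subject: " + subject);
            // NOTE(review): cap may still be null here when the single-argument
            // constructor was used; how the enforcer treats that is not visible
            // in this file, so confirm before relying on it.
            XmlDocument withCapability = CapabilityEnforcer.newInstance(this.cap, subject).addCapability(xmlDocument);
            if (this.sslEnabled) {
                // Transport-only protection: no signature on the request and no
                // check of the response against trustedCerts.
                return super.invokeXml(withCapability);
            }
            XmlDocument signedRequest = CapGlobusCredSOAPEnvelopeSigner.getInstance(this.cred).signSoapMessage(withCapability);
            XmlDocument response = super.invokeXml(signedRequest);
            // Verify before handing the response to the caller.
            CapGlobusCredSOAPEnvelopeVerifier.getInstance(this.cred, this.trustedCerts).verifySoapMessage(response);
            return response;
        } catch (CapabilityException e) {
            throw new DynamicInfosetInvokerException("could not add capability token", e);
        }
    }
}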
