package xsul.processor.capability;

import java.security.Principal;
import java.security.cert.X509Certificate;
import org.globus.gsi.GlobusCredential;
import org.xmlpull.v1.builder.XmlDocument;
import org.xmlpull.v1.builder.XmlElement;
import xsul.MLogger;
import xsul.dsig.SignatureInfo;
import xsul.dsig.globus.GlobusCredSOAPEnvelopeSigner;
import xsul.dsig.saml.CapGlobusCredSOAPEnvelopeVerifier;
import xsul.dsig.saml.CapSignatureInfo;
import xsul.dsig.saml.authorization.Capability;
import xsul.dsig.saml.authorization.CapabilityAuthorizer;
import xsul.dsig.saml.authorization.CapabilityException;
import xsul.dsig.saml.authorization.CapabilityUtil;
import xsul.processor.MessageProcessor;
import xsul.processor.soap_over_http.SoapHttpDynamicInfosetProcessor;
import xsul.soap.SoapUtil;
import xsul.soap11_util.Soap11Util;

/* loaded from: input_file:WEB-INF/lib/xsul-2.10.5_b.jar:xsul/processor/capability/CapabilityProcessor.class */
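/**
 * SOAP-over-HTTP processor that guards a wrapped {@link MessageProcessor} with
 * signature verification and capability-based authorization, and optionally
 * signs outgoing envelopes with the service's Globus credential.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Both verification and authorization run only while
 *       {@code checkSignature} is {@code true} (the constructor default).</li>
 *   <li>A {@link CapabilityException} raised during authorization always ends
 *       the request with a SOAP client fault; the wrapped service is never
 *       invoked for a rejected request, whether or not responses are signed.</li>
 * </ul>
 */
public class CapabilityProcessor extends SoapHttpDynamicInfosetProcessor {
    private static final MLogger logger = MLogger.getLogger();
    // Service URI handed to the authorizer; when null or empty the server location is used instead.
    private String svc_uri;
    // Credential used to build the verifier and to sign outgoing envelopes.
    private GlobusCredential cred;
    // Certificates passed to the envelope verifier as trust anchors.
    private X509Certificate[] trustedCerts;
    // Wrapped processor that handles the message body once the request is accepted.
    private MessageProcessor service;
    // When false, neither signature verification nor capability authorization is performed.
    private boolean checkSignature;
    // When true, every response (including faults) is signed with cred.
    private boolean signMessage;
    // Canonicalized subject of cred, passed to the authorizer as the owner name.
    private String owner_name;

    /**
     * Creates a processor with signature checking and response signing enabled.
     *
     * @param globusCredential   credential used for verification and signing; its subject
     *                           becomes the canonicalized owner name
     * @param x509CertificateArr trusted certificates handed to the envelope verifier
     * @param messageProcessor   wrapped service that receives accepted messages
     * @param i                  value forwarded unchanged to the superclass constructor
     * @param str                service URI for the authorizer; null or empty means
     *                           "use the server location at request time"
     */
    public CapabilityProcessor(GlobusCredential globusCredential, X509Certificate[] x509CertificateArr, MessageProcessor messageProcessor, int i, String str) {
        super(i);
        this.checkSignature = true;
        this.signMessage = true;
        this.svc_uri = str;
        this.cred = globusCredential;
        this.trustedCerts = x509CertificateArr;
        this.service = messageProcessor;
        this.owner_name = CapabilityUtil.canonicalizeSubject(globusCredential.getSubject());
    }

    /**
     * Enables or disables inbound checking. Passing {@code false} turns off both
     * signature verification and capability authorization, so every request is
     * then forwarded to the wrapped service unchecked.
     *
     * @param z {@code true} to verify and authorize each request
     */
    public void setCheckSignature(boolean z) {
        this.checkSignature = z;
    }

    /** @return whether inbound verification and authorization are enabled */
    public boolean isCheckSignature() {
        return this.checkSignature;
    }

    /**
     * Enables or disables signing of outgoing envelopes.
     *
     * @param z {@code true} to sign responses and faults
     */
    public void setSignMessage(boolean z) {
        this.signMessage = z;
    }

    /** @return whether outgoing envelopes are signed */
    public boolean isSignMessage() {
        return this.signMessage;
    }

    /**
     * Verifies and authorizes the incoming envelope (when checking is enabled),
     * then delegates to the superclass and signs the result if requested.
     *
     * @param xmlElement incoming SOAP envelope
     * @param soapUtil   SOAP helper forwarded to the superclass
     * @return the service response, or a SOAP client fault when authorization
     *         is rejected; signed when {@code signMessage} is set
     */
    @Override // xsul.processor.soap_over_http.SoapHttpDynamicInfosetProcessor
    public XmlDocument processSoapEnvelope(XmlElement xmlElement, SoapUtil soapUtil) {
        Soap11Util soap11Util = Soap11Util.getInstance();
        if (this.checkSignature) {
            // Runs outside the try block: anything the verifier throws propagates to the caller.
            SignatureInfo verifySoapMessage = CapGlobusCredSOAPEnvelopeVerifier.getInstance(this.cred, this.trustedCerts).verifySoapMessage(xmlElement);
            try {
                String str = this.svc_uri;
                if (str == null || str.equals("")) {
                    str = getServer().getLocation();
                    logger.finest("service uri: " + str);
                }
                CapabilityAuthorizer newInstance = CapabilityAuthorizer.newInstance(str, this.owner_name);
                if (newInstance == null) {
                    throw new CapabilityException("No authorizer found");
                }
                // instanceof is false for null, so a missing SignatureInfo is rejected here too.
                if (!(verifySoapMessage instanceof CapSignatureInfo)) {
                    throw new CapabilityException("No SamlSignatureInfo found");
                }
                Capability capability = ((CapSignatureInfo) verifySoapMessage).getCapability();
                if (capability == null) {
                    throw new CapabilityException("no capability token in the SOAP message");
                }
                // Read only after the checks above so a rejected message never reaches this call.
                Principal subjectDn = verifySoapMessage.getSubjectDn();
                // NOTE(review): any value returned by isAuthorized is discarded; this relies on the
                // authorizer signalling denial by throwing CapabilityException - confirm against
                // CapabilityAuthorizer.
                newInstance.isAuthorized(subjectDn, capability, xmlElement);
            } catch (CapabilityException e) {
                logger.finest("capability check rejected request: " + e);
                // NOTE(review): the exception is embedded in the fault sent to the client; confirm
                // that its message does not disclose internal policy details.
                XmlDocument wrapBodyContent = soap11Util.wrapBodyContent(soap11Util.generateSoapClientFault("unathorized access", e));
                // Fail closed: the fault is returned whether or not signing is enabled. Previously an
                // unsigned configuration fell through and the rejected request was still processed.
                if (this.signMessage) {
                    return GlobusCredSOAPEnvelopeSigner.getInstance(this.cred).signSoapMessage(wrapBodyContent);
                }
                return wrapBodyContent;
            }
        }
        XmlDocument processSoapEnvelope = super.processSoapEnvelope(xmlElement, soapUtil);
        return this.signMessage ? GlobusCredSOAPEnvelopeSigner.getInstance(this.cred).signSoapMessage(processSoapEnvelope) : processSoapEnvelope;
    }

    /**
     * Hands the message to the wrapped service.
     *
     * @param xmlElement message to process
     * @return whatever the wrapped {@link MessageProcessor} returns
     */
    @Override // xsul.processor.soap_over_http.SoapHttpDynamicInfosetProcessor, xsul.processor.MessageProcessor
    public XmlElement processMessage(XmlElement xmlElement) {
        return this.service.processMessage(xmlElement);
    }
}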
