package xsul.xhandler.server;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import org.globus.gsi.GlobusCredential;
import org.xmlpull.v1.builder.XmlDocument;
import org.xmlpull.v1.builder.XmlElement;
import xsul.MLogger;
import xsul.dsig.SignatureInfo;
import xsul.dsig.SignatureType;
import xsul.dsig.globus.GlobusCredSOAPEnvelopeSigner;
import xsul.dsig.globus.GlobusCredSOAPEnvelopeVerifier;
import xsul.dsig.saml.authorization.CapabilityUtil;
import xsul.invoker.DynamicInfosetInvokerException;
import xsul.message_router.MessageContext;
import xsul.soap.SoapUtil;
import xsul.soap11_util.Soap11Util;
import xsul.soap12_util.Soap12Util;
import xsul.wsdl.WsdlPort;
import xsul.wsdl.WsdlUtil;
import xsul.xhandler.BaseHandler;
import xsul.xhandler.MCtxConstants;
import xsul.xhandler.XHandlerContext;

/* loaded from: input_file:WEB-INF/lib/xsul-2.10.5_b.jar:xsul/xhandler/server/ServerSignatureHandler.class */
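/**
 * Server-side handler that verifies the signature on incoming SOAP messages and signs
 * outgoing ones with a {@link GlobusCredential}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Signature verification is skipped when the message context already carries the
 *       {@code NOSIGCHECK} or {@code SIGCHECKED} marker; signing is skipped when it carries
 *       {@code NOSIGNING} or {@code SIGNED}.</li>
 *   <li>{@link #isAuthorized(Principal, XmlElement)} accepts every verified signer unless a
 *       subclass overrides it, so by default a valid signature is the only access check
 *       this handler performs.</li>
 * </ul>
 */
public class ServerSignatureHandler extends BaseHandler {
    private static final MLogger logger = MLogger.getLogger();
    private GlobusCredential credential;
    private X509Certificate[] trustedCerts;

    /**
     * Creates a handler that uses the default Globus credential and the trusted certificates
     * returned by {@code CapabilityUtil.getTrustedCertificates(null)}.
     *
     * <p>If either cannot be loaded the handler is still constructed and both fields keep
     * whatever was assigned before the failure (possibly {@code null}); the failure is logged
     * so that it is not silent. Use the setters to supply them afterwards.
     *
     * @param str handler name passed to {@link BaseHandler}
     */
    public ServerSignatureHandler(String str) {
        super(str);
        try {
            this.credential = GlobusCredential.getDefaultCredential();
            this.trustedCerts = CapabilityUtil.getTrustedCertificates(null).getCertificates();
        } catch (Exception e) {
            // Previously swallowed: a handler without credential or trust anchors must be
            // visible in the logs, because signing and verification depend on both.
            // NOTE(review): raise the level if MLogger offers a more suitable one.
            logger.config("could not load default Globus credential or trusted certificates: " + e);
        }
    }

    /**
     * Creates a handler with an explicit credential and set of trusted certificates.
     *
     * @param str handler name passed to {@link BaseHandler}
     * @param globusCredential credential used for signing and handed to the verifier
     * @param x509CertificateArr certificates handed to the verifier as trust anchors
     */
    public ServerSignatureHandler(String str, GlobusCredential globusCredential, X509Certificate[] x509CertificateArr) {
        super(str);
        this.credential = globusCredential;
        this.trustedCerts = x509CertificateArr;
    }

    /**
     * Replaces the credential used for signing and handed to the verifier.
     *
     * @param globusCredential the new credential
     */
    public void setCredential(GlobusCredential globusCredential) {
        this.credential = globusCredential;
    }

    /**
     * Replaces the certificates handed to the verifier.
     *
     * @param x509CertificateArr the new trusted certificates (stored by reference)
     */
    public void setTrustedCerts(X509Certificate[] x509CertificateArr) {
        this.trustedCerts = x509CertificateArr;
    }

    /**
     * Advertises the signature feature on the WSDL port as a required SOAP 1.2
     * {@code feature} element, unless one with the signature URI is already present.
     *
     * @param xHandlerContext handler context; when {@code null} only the superclass is initialised
     */
    @Override // xsul.xhandler.BaseHandler, xsul.xhandler.XHandler
    public void init(XHandlerContext xHandlerContext) {
        super.init(xHandlerContext);
        if (xHandlerContext == null) {
            return;
        }
        WsdlPort wsdlPort = xHandlerContext.getWsdlPort();
        if (wsdlPort.element(WsdlUtil.WSDL_SOAP12_NS, "feature") != null) {
            Iterator it = wsdlPort.elements(WsdlUtil.WSDL_SOAP12_NS, "feature").iterator();
            while (it.hasNext()) {
                if (MCtxConstants.FEATURE_SIGNATURE.equals(((XmlElement) it.next()).getAttributeValue(null, "uri"))) {
                    logger.config("signaure attr existed");
                    return;
                }
            }
        }
        // Always add a fresh element. The earlier code reused the first existing feature
        // element when none matched, which put the signature attributes on an element
        // that describes a different feature.
        XmlElement element = wsdlPort.addElement(WsdlUtil.WSDL_SOAP12_NS, "feature");
        element.addAttribute("uri", MCtxConstants.FEATURE_SIGNATURE);
        element.addAttribute(WsdlUtil.REQUIRED_ATTR, "true");
    }

    /**
     * Signs the outgoing envelope, unless signing is disabled or already done, and replaces
     * the outgoing message with the first element of the signed envelope's Body.
     *
     * @param xmlElement outgoing message element; its parent is expected to be the envelope document
     * @param messageContext context that carries the signing markers and the outgoing message
     * @return always {@code false}
     * @throws DynamicInfosetInvokerException declared by the handler contract
     */
    @Override // xsul.xhandler.BaseHandler
    public boolean processOutgoingXml(XmlElement xmlElement, MessageContext messageContext) throws DynamicInfosetInvokerException {
        if (!needSigning(messageContext)) {
            return false;
        }
        XmlDocument xmlDocument = (XmlDocument) xmlElement.getParent();
        if (xmlDocument == null) {
            // NOTE(review): only logged; the null document is still handed to the signer below.
            logger.finest("doc is null!!!!!");
        }
        messageContext.setOutgoingMessage(signedBodyContent(xmlDocument));
        messageContext.addElement(MCtxConstants.NS, MCtxConstants.SIGNED);
        return false;
    }

    /**
     * Verifies the signature of an incoming message, strips the Signature element from the
     * Security header and records the signer's DN in the message context when the signer
     * is authorized. An unauthorized signer gets a SOAP client fault instead.
     *
     * <p>The {@code SIGCHECKED} marker is added as soon as verification returns, before the
     * authorization decision; the {@code PRINCIPAL} element is added only for authorized signers.
     *
     * @param xmlElement incoming SOAP envelope element
     * @param messageContext context that carries the markers, principal and outgoing fault
     * @return {@code true} when a fault was set as the outgoing message, otherwise {@code false}
     * @throws DynamicInfosetInvokerException declared by the handler contract
     */
    @Override // xsul.xhandler.BaseHandler
    public boolean processIncomingXml(XmlElement xmlElement, MessageContext messageContext) throws DynamicInfosetInvokerException {
        if (!needSigCheck(messageContext)) {
            return false;
        }
        SignatureInfo signatureInfo = GlobusCredSOAPEnvelopeVerifier.getInstance(this.credential, this.trustedCerts).verifySoapMessage(xmlElement);
        messageContext.addElement(MCtxConstants.NS, MCtxConstants.SIGCHECKED);
        xmlElement.removeChild(xmlElement.element(null, "Header").element(MCtxConstants.WSSEC_NS, "Security").element(MCtxConstants.SIG_NS, SignatureType.NAME));
        if (isAuthorized(signatureInfo.getSubjectDn(), xmlElement)) {
            messageContext.addElement(MCtxConstants.NS, MCtxConstants.PRINCIPAL).addChild(signatureInfo.getSubjectDn().getName());
            return false;
        }
        SoapUtil soapUtil = SoapUtil.selectSoapFragrance(xmlElement, new SoapUtil[]{Soap11Util.getInstance(), Soap12Util.getInstance()});
        XmlElement fault = soapUtil.generateSoapClientFault("unathorized access", null);
        XmlDocument faultEnvelope = soapUtil.wrapBodyContent(fault);
        XmlElement outgoing = fault;
        if (needSigning(messageContext)) {
            // Take the fault from the document the signer returns, as processOutgoingXml does.
            // The earlier code discarded that result and sent the pre-signing element while
            // still marking the message SIGNED.
            outgoing = signedBodyContent(faultEnvelope);
            messageContext.addElement(MCtxConstants.NS, MCtxConstants.SIGNED);
        }
        messageContext.setOutgoingMessage(outgoing);
        return true;
    }

    /**
     * Authorization hook, called after signature verification with the signer's DN.
     *
     * <p>This default implementation authorizes every signer. Deployments that need access
     * control beyond "holds a certificate the verifier accepts" must override it.
     *
     * @param principal subject DN taken from the verified signature
     * @param xmlElement the incoming message, after the Signature element was removed
     * @return {@code true} to let the message through, {@code false} to answer with a fault
     * @throws RuntimeException if an overriding implementation fails
     */
    protected boolean isAuthorized(Principal principal, XmlElement xmlElement) throws RuntimeException {
        return true;
    }

    /**
     * Signs the envelope with this handler's credential and returns the first element of
     * the signed envelope's Body.
     */
    private XmlElement signedBodyContent(XmlDocument envelope) throws DynamicInfosetInvokerException {
        // NOTE(review): credential may be null if the one-argument constructor failed to
        // load it; how the signer treats a null credential is not visible here.
        return (XmlElement) GlobusCredSOAPEnvelopeSigner.getInstance(this.credential).signSoapMessage(envelope).getDocumentElement().element(null, "Body").requiredElementContent().iterator().next();
    }

    /**
     * Tells whether the incoming signature still has to be verified: neither the
     * {@code NOSIGCHECK} nor the {@code SIGCHECKED} marker is present in the context.
     */
    private boolean needSigCheck(MessageContext messageContext) {
        // NOTE(review): NOSIGCHECK switches verification off entirely; confirm that only
        // trusted server-side components can place it in the message context.
        boolean disabled = messageContext.element(MCtxConstants.NS, MCtxConstants.NOSIGCHECK) != null;
        boolean alreadyChecked = messageContext.element(MCtxConstants.NS, MCtxConstants.SIGCHECKED) != null;
        return !disabled && !alreadyChecked;
    }

    /**
     * Tells whether the outgoing message still has to be signed: neither the
     * {@code NOSIGNING} nor the {@code SIGNED} marker is present in the context.
     */
    private boolean needSigning(MessageContext messageContext) {
        boolean disabled = messageContext.element(MCtxConstants.NS, MCtxConstants.NOSIGNING) != null;
        boolean alreadySigned = messageContext.element(MCtxConstants.NS, MCtxConstants.SIGNED) != null;
        return !disabled && !alreadySigned;
    }
}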
