package edu.sdsc.nbcr.common;

import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import org.apache.axis.AxisFault;
import org.apache.axis.MessageContext;
import org.apache.axis.handlers.BasicHandler;
import org.apache.axis.transport.http.HTTPConstants;
import org.apache.log4j.Logger;
import org.globus.gsi.gssapi.GSSConstants;
import org.globus.gsi.gssapi.GlobusGSSContextImpl;
import org.globus.security.gridmap.GridMap;

/* JADX WARN: Classes with same name are omitted:
  
 */
/* loaded from: input_file:edu/sdsc/nbcr/common/CAAuthHandler.class */
public class CAAuthHandler extends BasicHandler {
    private String caMapLoc = null;
    private static Logger logger = Logger.getLogger(CAAuthHandler.class.getName());

    @Override // org.apache.axis.handlers.BasicHandler, org.apache.axis.Handler
    public void init() {
        super.init();
        this.caMapLoc = (String) getOption("ca-map");
        if (this.caMapLoc == null) {
            logger.error("Property ca-map not set");
        } else {
            logger.info("Location of ca-map: " + this.caMapLoc);
        }
    }

    @Override // org.apache.axis.Handler
    public void invoke(MessageContext messageContext) throws AxisFault {
        logger.info("entering");
        Object property = messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (property == null || !(property instanceof HttpServletRequest)) {
            logger.info("exiting");
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) property;
        Object attribute = httpServletRequest.getAttribute("org.globus.gsi.authorized.user.dn");
        if (attribute == null) {
            logger.info("exiting");
            return;
        }
        logger.info("Client's DN: " + attribute);
        Object attribute2 = httpServletRequest.getAttribute("org.globus.gsi.context");
        String str = null;
        try {
            if (attribute2 == null) {
                logger.info("exiting");
                return;
            }
            Object inquireByOid = ((GlobusGSSContextImpl) attribute2).inquireByOid(GSSConstants.X509_CERT_CHAIN);
            if (inquireByOid != null) {
                X509Certificate[] x509CertificateArr = (X509Certificate[]) inquireByOid;
                logger.debug("Certificate chain - ");
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    logger.debug(x509Certificate.getSubjectDN());
                }
                str = x509CertificateArr[x509CertificateArr.length - 1].getSubjectDN().toString();
                logger.info("Client's CA DN: " + str);
            }
            GridMap gridMap = new GridMap();
            try {
                gridMap.load(this.caMapLoc);
                if (str == null) {
                    logger.error("Can't find DN for the client's CA");
                    throw new AxisFault("Can't find DN for the client's CA");
                }
                if (gridMap.getUserID(str) == null) {
                    logger.info("DN for the client's CA not on the ca-map");
                    throw new AxisFault("CA: " + str + " does not have an entry on the ca-map");
                }
                logger.info("exiting");
            } catch (IOException e) {
                logger.fatal("Can't load ca-map", e);
                throw new AxisFault("Can't load ca-map", e);
            }
        } catch (Exception e2) {
            logger.error(e2);
            throw new AxisFault("Error while reading certificate chain: " + e2.getMessage());
        }
    }
}
