package org.astrogrid.security;

import org.apache.axis.MessageContext;
import org.apache.axis.handlers.BasicHandler;
import org.apache.axis.message.SOAPEnvelope;
import org.apache.axis.message.SOAPHeaderElement;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.xml.security.Init;
import org.astrogrid.security.wsse.WsseSignature;
import org.globus.gsi.TrustedCertificates;

/* loaded from: input_file:org/astrogrid/security/AxisServiceCredentialHandler.class */
public class AxisServiceCredentialHandler extends BasicHandler {
    private static Log log = LogFactory.getLog(AxisServiceCredentialHandler.class);
    private static TrustedCertificates trustAnchors;
    protected final String WSSE_1_0_NAMESPACE = WSConstants.WSSE_NS_OASIS_1_0;

    @Override // org.apache.axis.handlers.BasicHandler, org.apache.axis.Handler
    public void init() {
        Init.init();
        loadTrustAnchors();
    }

    @Override // org.apache.axis.Handler
    public void invoke(MessageContext messageContext) {
        AxisServiceSecurityGuard axisServiceSecurityGuard = new AxisServiceSecurityGuard();
        try {
            try {
                SOAPEnvelope sOAPEnvelope = messageContext.getRequestMessage().getSOAPEnvelope();
                SOAPHeaderElement headerByName = sOAPEnvelope.getHeaderByName(WSConstants.WSSE_NS_OASIS_1_0, WSConstants.WSSE_LN, true);
                if (headerByName != null) {
                    WsseSignature wsseSignature = new WsseSignature(sOAPEnvelope.getAsDocument(), trustAnchors);
                    wsseSignature.verify();
                    headerByName.setProcessed(true);
                    axisServiceSecurityGuard = wsseSignature.getServiceGuard();
                    log.info("Caller is authenticated as " + axisServiceSecurityGuard.getX500Principal() + " by digital signature.");
                } else {
                    log.info("Caller is anonymous.");
                }
                messageContext.setProperty("org.astrogrid.security.guard", axisServiceSecurityGuard);
            } catch (Exception e) {
                log.info("The digital-signature-checking handler failed: " + e);
                messageContext.setProperty("org.astrogrid.security.guard", axisServiceSecurityGuard);
            }
        } catch (Throwable th) {
            messageContext.setProperty("org.astrogrid.security.guard", axisServiceSecurityGuard);
            throw th;
        }
    }

    protected void loadTrustAnchors() {
        String property = System.getProperty("X509_CERT_DIR");
        if (property == null) {
            log.info("No directory was specified from which to load trusted certificates. /etc/grid-security/certificates is the default.");
            property = "/etc/grid-security/certificates";
        }
        try {
            trustAnchors = TrustedCertificates.load(property);
        } catch (Exception e) {
            log.error(e);
        }
    }
}
