package de.fzj.unicore.wsrflite.security;

import de.fzj.unicore.wsrflite.Kernel;
import de.fzj.unicore.wsrflite.security.pdp.PDPResult;
import de.fzj.unicore.wsrflite.security.pdp.UnicoreXPDP;
import de.fzj.unicore.wsrflite.security.util.AttributeHandlingCallback;
import de.fzj.unicore.wsrflite.security.util.AttributeSourceFactory;
import de.fzj.unicore.wsrflite.security.util.KeystoreUtil;
import de.fzj.unicore.wsrflite.security.util.ResourceDescriptor;
import eu.unicore.security.AuthorisationException;
import eu.unicore.security.Client;
import eu.unicore.security.Queue;
import eu.unicore.security.Role;
import eu.unicore.security.SecurityTokens;
import eu.unicore.security.SubjectAttributesHolder;
import eu.unicore.security.Xlogin;
import eu.unicore.security.util.Log;
import eu.unicore.security.util.client.AuthSSLProtocolSocketFactory;
import java.io.IOException;
import java.io.Serializable;
import java.net.URL;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.net.ssl.SSLSocket;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Logger;
import org.apache.log4j.MDC;

/* loaded from: input_file:de/fzj/unicore/wsrflite/security/SecurityManager.class */
public final class SecurityManager {
    public static final String DISABLE_SECURITY_AND_ACCESS_CONTROL = "uas.security.disable";
    private static final Logger logger = Log.getLogger("unicore.security", SecurityManager.class);
    private static UnicoreXPDP pdp = null;
    private static Boolean isAccessControlEnabled = null;
    private static Boolean isProxyModeEnabled = null;
    private static IAttributeSource attributeSource = null;
    private static X509Certificate serverCert = null;
    private static X509Certificate gatewayCert = null;
    private static List<AuthNCheckingStrategy> authNCheckStrategies = new ArrayList();
    private static Set<AttributeHandlingCallback> attribHandlingCallbacks = new HashSet();
    private static final List<String> actionsRequiringSignatures = new ArrayList();
    private static String[] trustedCertDNs = null;
    private static final ThreadLocal<Boolean> localCalls = new ThreadLocal<>();
    protected static final String proxyRE = "(CN=([\\d]+))|(CN=proxy)";
    public static final Pattern pattern = Pattern.compile(proxyRE, 2);

    /* loaded from: input_file:de/fzj/unicore/wsrflite/security/SecurityManager$NullAuthoriser.class */
    public static class NullAuthoriser implements IAttributeSource {
        @Override // de.fzj.unicore.wsrflite.security.IAttributeSource
        public String getStatusDescription() {
            return "OK";
        }

        @Override // de.fzj.unicore.wsrflite.security.IAttributeSource
        public void init(String str) {
        }

        @Override // de.fzj.unicore.wsrflite.security.IAttributeSource
        public String getName() {
            return "NULL source";
        }

        @Override // de.fzj.unicore.wsrflite.security.IAttributeSource
        public SubjectAttributesHolder getAttributes(SecurityTokens securityTokens, SubjectAttributesHolder subjectAttributesHolder) throws IOException {
            return new SubjectAttributesHolder();
        }

        @Override // de.fzj.unicore.wsrflite.security.IAttributeSource
        public String[] getAcceptedVOs() {
            return null;
        }
    }

    private SecurityManager() {
    }

    public static void addCallback(AttributeHandlingCallback attributeHandlingCallback) {
        attribHandlingCallbacks.add(attributeHandlingCallback);
    }

    public static X509Certificate getServerCert() {
        if (serverCert == null) {
            try {
                serverCert = Kernel.getKernel().getSecurityProperties().getCertificateChain()[0];
                logger.info("Server identity: " + serverCert.getSubjectX500Principal().toString());
            } catch (Exception e) {
                Log.logException("Could not get server certificate", e, logger);
            }
        }
        return serverCert;
    }

    public static X500Principal getServerIdentity() {
        ISecurityProperties securityProperties = Kernel.getKernel().getSecurityProperties();
        if (!securityProperties.isSslEnabled() || securityProperties.getKeystore() == null) {
            return null;
        }
        return getServerCert().getSubjectX500Principal();
    }

    public static String getServerDistinguishedName() {
        if (getServerIdentity() != null) {
            return getServerIdentity().toString();
        }
        return null;
    }

    public static synchronized X509Certificate getGatewayCert() {
        if (gatewayCert == null) {
            ISecurityProperties securityProperties = Kernel.getKernel().getSecurityProperties();
            gatewayCert = securityProperties.getGatewayCertificate();
            if (gatewayCert == null) {
                gatewayCert = getPeerCertificate(Kernel.getKernel().getProperty(Kernel.WSRF_BASEURL), securityProperties);
            }
        }
        return gatewayCert;
    }

    public static synchronized String[] getTrustedCertificateDNs() {
        if (trustedCertDNs == null) {
            ISecurityProperties securityProperties = Kernel.getKernel().getSecurityProperties();
            if (securityProperties.getTruststore() != null) {
                try {
                    trustedCertDNs = KeystoreUtil.getTrustedCertDNs(KeystoreUtil.createKeyStore(securityProperties.getProperty(ISecurityProperties.WSRF_SSL_TRUSTSTORE), securityProperties.getProperty(ISecurityProperties.WSRF_SSL_TRUSTPASS), securityProperties.getProperty(ISecurityProperties.WSRF_SSL_TRUSTTYPE)));
                } catch (Exception e) {
                    logger.error("Can't load trusted certs from truststore", e);
                }
            }
        }
        return trustedCertDNs;
    }

    public static synchronized UnicoreXPDP getPDP() {
        if (pdp == null) {
            String property = Kernel.getKernel().getProperty(ISecurityProperties.UAS_CHECKACCESS_PDPCONFIG);
            String property2 = Kernel.getKernel().getProperty(ISecurityProperties.UAS_CHECKACCESS_PDP);
            if (property2 == null) {
                property2 = "eu.unicore.uas.pdp.local.LocalHerasafPDP";
            }
            logger.info("Using PDP class <" + property2 + "> configured from <" + property + ">");
            try {
                Class.forName(property2);
            } catch (ClassNotFoundException e) {
                logger.error("Cannot find PDP class <" + property2 + "> fallback to default : eu.unicore.uas.pdp.local.LocalHerasafPDP");
                property2 = "eu.unicore.uas.pdp.local.LocalHerasafPDP";
            }
            try {
                pdp = (UnicoreXPDP) Class.forName(property2).getConstructor(String.class).newInstance(property);
            } catch (Exception e2) {
                logger.fatal("Can't create pdp.", e2);
                throw new RuntimeException("Can't create a PDP: " + e2);
            }
        }
        return pdp;
    }

    public static SubjectAttributesHolder establishAttributes(SecurityTokens securityTokens) throws Exception {
        if (attributeSource == null) {
            createAttributeSource();
        }
        return attributeSource.getAttributes(securityTokens, null);
    }

    public static synchronized void createAttributeSource() throws Exception {
        attributeSource = new AttributeSourceFactory(Kernel.getKernel().getProperties()).makeAttributeSource();
    }

    private static void handleXlogin(Client client, Map<String, String[]> map, Map<String, String[]> map2, Map<String, String[]> map3) {
        String[] strArr = map2.get(IAttributeSource.ATTRIBUTE_XLOGIN);
        String[] strArr2 = map3.get(IAttributeSource.ATTRIBUTE_XLOGIN);
        String[] strArr3 = map2.get(IAttributeSource.ATTRIBUTE_GROUP);
        if (strArr3 == null) {
            strArr3 = new String[0];
        }
        String[] strArr4 = map3.get(IAttributeSource.ATTRIBUTE_GROUP);
        if (strArr4 == null) {
            strArr4 = new String[0];
        }
        String[] strArr5 = map2.get(IAttributeSource.ATTRIBUTE_SUPPLEMENTARY_GROUPS);
        if (strArr5 == null) {
            strArr5 = new String[0];
        }
        String[] strArr6 = map3.get(IAttributeSource.ATTRIBUTE_SUPPLEMENTARY_GROUPS);
        if (strArr6 == null) {
            strArr6 = new String[0];
        }
        String[] strArr7 = new String[strArr3.length + strArr5.length];
        for (int i = 0; i < strArr3.length; i++) {
            strArr7[i] = strArr3[i];
        }
        for (int i2 = 0; i2 < strArr5.length; i2++) {
            strArr7[i2 + strArr3.length] = strArr5[i2];
        }
        String[] strArr8 = map3.get(IAttributeSource.ATTRIBUTE_ADD_DEFAULT_GROUPS);
        if (strArr == null || strArr.length <= 0) {
            return;
        }
        Xlogin xlogin = new Xlogin(strArr, strArr7);
        xlogin.setSelectedLogin(strArr2[0]);
        if (strArr4.length > 0) {
            xlogin.setSelectedGroup(strArr4[0]);
        }
        if (strArr6.length > 0) {
            xlogin.setSelectedSupplementaryGroups(strArr6);
        }
        String[] strArr9 = map.get(IAttributeSource.ATTRIBUTE_XLOGIN);
        if (strArr9 != null && strArr9.length > 0) {
            xlogin.setSelectedLogin(strArr9[0]);
        }
        String[] strArr10 = map.get(IAttributeSource.ATTRIBUTE_GROUP);
        if (strArr10 != null && strArr10.length > 0) {
            xlogin.setSelectedGroup(strArr10[0]);
        }
        String[] strArr11 = map.get(IAttributeSource.ATTRIBUTE_SUPPLEMENTARY_GROUPS);
        if (strArr11 != null && strArr11.length > 0) {
            xlogin.setSelectedSupplementaryGroups(strArr11);
        }
        String[] strArr12 = map.get(IAttributeSource.ATTRIBUTE_ADD_DEFAULT_GROUPS);
        if (strArr12 == null || strArr12.length <= 0) {
            if (strArr8 != null && strArr8.length > 0) {
                if (strArr8[0].equalsIgnoreCase("true")) {
                    xlogin.setAddDefaultGroups(true);
                } else if (strArr8[0].equalsIgnoreCase("false")) {
                    xlogin.setAddDefaultGroups(false);
                }
            }
        } else if (strArr12[0].equalsIgnoreCase("true")) {
            xlogin.setAddDefaultGroups(true);
        } else {
            if (!strArr12[0].equalsIgnoreCase("false")) {
                throw new SecurityException("Requested value <" + strArr12[0] + "> is invalid for " + IAttributeSource.ATTRIBUTE_ADD_DEFAULT_GROUPS + " attribute; use 'true' or 'false'.");
            }
            xlogin.setAddDefaultGroups(false);
        }
        client.setXlogin(xlogin);
    }

    private static void handleRole(Client client, Map<String, String[]> map, Map<String, String[]> map2, Map<String, String[]> map3) {
        Role role = new Role();
        String[] strArr = map2.get(IAttributeSource.ATTRIBUTE_ROLE);
        String[] strArr2 = map3.get(IAttributeSource.ATTRIBUTE_ROLE);
        if (strArr2 == null || strArr2.length <= 0) {
            role.setName(IAttributeSource.ROLE_ANONYMOUS);
            role.setDescription("default role");
        } else {
            String[] strArr3 = map.get(IAttributeSource.ATTRIBUTE_ROLE);
            if (strArr3 == null || strArr3.length <= 0) {
                role.setName(strArr2[0]);
                role.setDescription("role from attribute source");
            } else {
                boolean z = false;
                int length = strArr.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    String str = strArr[i];
                    if (str.equals(strArr3[0])) {
                        role.setName(str);
                        role.setDescription("user's preferred role");
                        z = true;
                        break;
                    }
                    i++;
                }
                if (!z) {
                    throw new SecurityException("Requested role <" + strArr3[0] + "> is not available.");
                }
            }
        }
        client.setRole(role);
    }

    private static void handleQueue(Client client, Map<String, String[]> map, Map<String, String[]> map2, Map<String, String[]> map3) {
        Queue queue = new Queue();
        String[] strArr = map2.get(IAttributeSource.ATTRIBUTE_QUEUES);
        String[] strArr2 = map3.get(IAttributeSource.ATTRIBUTE_QUEUES);
        if (strArr != null && strArr.length > 0) {
            queue.setValidQueues(strArr);
            if (strArr2 != null && strArr2.length > 0) {
                queue.setSelectedQueue(strArr2[0]);
            }
        }
        client.setQueue(queue);
    }

    private static void assembleClientAttributes(Client client, SecurityTokens securityTokens) {
        if (isServer(client)) {
            client.setRole(getServerRole());
        } else {
            try {
                SubjectAttributesHolder establishAttributes = establishAttributes(securityTokens);
                if (establishAttributes != null) {
                    client.setSubjectAttributes(establishAttributes);
                }
                Map map = (Map) securityTokens.getContext().get(UserAttributeCallback.USER_PREFERENCES_KEY);
                if (map == null) {
                    map = Collections.emptyMap();
                }
                Map validIncarnationAttributes = client.getSubjectAttributes().getValidIncarnationAttributes();
                Map defaultIncarnationAttributes = client.getSubjectAttributes().getDefaultIncarnationAttributes();
                handleXlogin(client, map, validIncarnationAttributes, defaultIncarnationAttributes);
                handleRole(client, map, validIncarnationAttributes, defaultIncarnationAttributes);
                handleQueue(client, map, validIncarnationAttributes, defaultIncarnationAttributes);
                String[] strArr = (String[]) validIncarnationAttributes.get(IAttributeSource.ATTRIBUTE_VOS);
                if (strArr != null) {
                    client.setVos(strArr);
                }
            } catch (Exception e) {
                throw new SecurityException("Exception when getting attributes for the client.", e);
            }
        }
        Iterator<AttributeHandlingCallback> it = attribHandlingCallbacks.iterator();
        while (it.hasNext()) {
            Map<String, Serializable> extractAttributes = it.next().extractAttributes(securityTokens);
            if (extractAttributes != null) {
                client.getExtraAttributes().putAll(extractAttributes);
            }
        }
    }

    private static Client createSecureClient(SecurityTokens securityTokens) {
        Client client = new Client();
        String str = null;
        if (securityTokens.getEffectiveUserName() == null) {
            throw new AuthorisationException("Can't authorise: no user cert available, no trust delegation found, no consignor cert.");
        }
        if (isProxyModeEnabled()) {
            try {
                str = handleProxyCert(securityTokens);
            } catch (CertificateException e) {
                throw new SecurityException("Exception during proxy certificate handling.", e);
            }
        }
        if (str == null) {
            str = securityTokens.getEffectiveUserName().toString();
        }
        client.setDistinguishedName(str);
        client.setSecurityTokens(securityTokens);
        assembleClientAttributes(client, securityTokens);
        if (logger.isDebugEnabled()) {
            logger.debug("Client info: " + client);
            try {
                SecurityTokens securityTokens2 = client.getSecurityTokens();
                if (securityTokens2 != null) {
                    logger.debug("TD Chain length=" + securityTokens2.getTrustDelegationTokens().size());
                }
            } catch (Exception e2) {
                logger.debug("No TD.");
            }
        }
        return client;
    }

    public static Client createAndAuthoriseClient(SecurityTokens securityTokens) {
        new Client();
        Client makeAnonymousClient = isLocalCall() ? makeAnonymousClient("CN=Local_call") : securityTokens == null ? makeAnonymousClient(null) : !Kernel.getKernel().getBooleanProperty(DISABLE_SECURITY_AND_ACCESS_CONTROL, false) ? createSecureClient(securityTokens) : makeAnonymousClient("CN=Security_is_disabled");
        MDC.put("clientName", makeAnonymousClient.getDistinguishedName());
        return makeAnonymousClient;
    }

    public static String handleProxyCert(SecurityTokens securityTokens) throws CertificateException {
        X509Certificate proxiedUserCert = getProxiedUserCert(securityTokens);
        securityTokens.setUserName(proxiedUserCert.getSubjectX500Principal());
        securityTokens.setUser(CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(proxiedUserCert)));
        String x500Principal = proxiedUserCert.getSubjectX500Principal().toString();
        if (logger.isDebugEnabled()) {
            logger.debug("Real User DN: " + x500Principal);
        }
        return x500Principal;
    }

    public static X509Certificate getProxiedUserCert(SecurityTokens securityTokens) throws CertificateException {
        return getRealUserCertFromProxyCertPath(securityTokens.getUser() != null ? securityTokens.getUser() : securityTokens.getConsignor());
    }

    public static X509Certificate getRealUserCertFromProxyCertPath(CertPath certPath) {
        X509Certificate x509Certificate = null;
        if (certPath != null && certPath.getCertificates().size() > 0) {
            String str = null;
            List<? extends Certificate> certificates = certPath.getCertificates();
            if (logger.isDebugEnabled()) {
                logger.debug("Checking certpath to extract real user cert.");
                Iterator<? extends Certificate> it = certificates.iterator();
                while (it.hasNext()) {
                    logger.debug("DN: " + ((X509Certificate) it.next()).getSubjectDN().toString());
                }
            }
            Iterator<? extends Certificate> it2 = certificates.iterator();
            while (it2.hasNext()) {
                x509Certificate = (X509Certificate) it2.next();
                str = x509Certificate.getSubjectX500Principal().toString();
                if (!isProxyDN(str)) {
                    break;
                }
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Real subject: " + str);
            }
        }
        return x509Certificate;
    }

    public static boolean checkConsignorEqualsUser(SecurityTokens securityTokens) {
        if (!isProxyModeEnabled()) {
            return securityTokens.getConsignorCertificate().getSubjectX500Principal().equals(securityTokens.getUserName());
        }
        String name = getRealUserCertFromProxyCertPath(securityTokens.getUser()).getSubjectX500Principal().getName();
        String name2 = getRealUserCertFromProxyCertPath(securityTokens.getConsignor()).getSubjectX500Principal().getName();
        return name2 != null && name2.equals(name);
    }

    protected static Role getServerRole() {
        Role role = new Role();
        role.setDescription("Server");
        role.setName("__server__");
        return role;
    }

    protected static Client makeAnonymousClient(String str) {
        Client client = new Client();
        if (str == null) {
            client.setDistinguishedName("CN=ANONYMOUS,O=UNKNOWN,OU=UNKNOWN");
        } else {
            client.setDistinguishedName(str);
        }
        client.setRole(new Role(IAttributeSource.ROLE_ANONYMOUS, "No authorisation information available."));
        return client;
    }

    public static void checkAuthentication(SecurityTokens securityTokens, String str, ResourceDescriptor resourceDescriptor) {
        if (Kernel.getKernel().getBooleanProperty(ISecurityProperties.UAS_REQUIRE_SIGNATURES)) {
            Iterator<AuthNCheckingStrategy> it = authNCheckStrategies.iterator();
            while (it.hasNext()) {
                it.next().checkAuthentication(securityTokens, str, resourceDescriptor);
            }
        }
    }

    public static void registerAuthNCheckingStrategies(AuthNCheckingStrategy... authNCheckingStrategyArr) {
        authNCheckStrategies.addAll(Arrays.asList(authNCheckingStrategyArr));
    }

    private static PDPResult.Decision checkAuthzInternal(Client client, String str, ResourceDescriptor resourceDescriptor) {
        try {
            PDPResult checkAuthorisation = getPDP().checkAuthorisation(client, str, resourceDescriptor);
            if (checkAuthorisation.getDecision().equals(PDPResult.Decision.UNCLEAR)) {
                logger.warn("The UNICORE/X PDP was unable to make a definitive decision, check you policy for and consult other log messages.");
            }
            return checkAuthorisation.getDecision();
        } catch (Exception e) {
            logger.info("Authorisation failure.", e);
            throw new AuthorisationException("Access id denied as PDP throwed an error: " + e);
        }
    }

    public static void checkAuthorisation(Client client, String str, ResourceDescriptor resourceDescriptor) throws AuthorisationException {
        if (checkAuthzInternal(client, str, resourceDescriptor).equals(PDPResult.Decision.PERMIT)) {
            return;
        }
        String str2 = "Access denied for " + client.getDistinguishedName() + " on resource " + resourceDescriptor;
        logger.info(str2);
        throw new AuthorisationException(str2);
    }

    public static boolean isAccessible(Client client, String str, String str2, String str3) throws Exception {
        return !isAccessControlEnabled() || isServer(client) || checkAuthzInternal(client, null, new ResourceDescriptor(str, str2, str3)).equals(PDPResult.Decision.PERMIT);
    }

    public static void setLocalCall() {
        localCalls.set(Boolean.TRUE);
    }

    public static void clearLocalCall() {
        localCalls.set(null);
    }

    public static boolean isLocalCall() {
        return Boolean.TRUE.equals(localCalls.get());
    }

    public static boolean isServer(Client client) {
        if (client == null) {
            return false;
        }
        try {
            if (logger.isTraceEnabled()) {
                logger.trace("Check server=<" + getServerCert().getSubjectX500Principal().getName() + ">  vs client=<" + client.getDistinguishedName() + ">");
            }
            return getServerDistinguishedName().equals(client.getDistinguishedName());
        } catch (Exception e) {
            Log.logException("Could not check certificate vs. server cert.", e, logger);
            return false;
        }
    }

    public static boolean isServer(X509Certificate x509Certificate) {
        return getServerCert().equals(x509Certificate);
    }

    public static boolean isServer(CertPath certPath) {
        try {
            return getServerCert().equals((X509Certificate) certPath.getCertificates().get(0));
        } catch (Exception e) {
            Log.logException("Could not check certificate vs. server cert", e, logger);
            return false;
        }
    }

    public static boolean isTrustedAgent(Client client) {
        try {
            return IAttributeSource.ROLE_TRUSTED_AGENT.equals(client.getRole().getName());
        } catch (Exception e) {
            Log.logException("Could not check whether client is trusted agent.", e, logger);
            return false;
        }
    }

    public static boolean isAdmin(Client client) {
        try {
            return IAttributeSource.ROLE_ADMIN.equals(client.getRole().getName());
        } catch (Exception e) {
            Log.logException("Could not check whether client is admin.", e, logger);
            return false;
        }
    }

    public static X509Certificate getPeerCertificate(String str, ISecurityProperties iSecurityProperties) {
        return getPeerCertificate(str, iSecurityProperties, 0);
    }

    public static X509Certificate getPeerCertificate(String str, ISecurityProperties iSecurityProperties, int i) {
        SSLSocket sSLSocket = null;
        try {
            try {
                URL url = new URL(str);
                SSLSocket sSLSocket2 = (SSLSocket) new AuthSSLProtocolSocketFactory(iSecurityProperties).createSocket(url.getHost(), url.getPort() != -1 ? url.getPort() : url.getDefaultPort());
                X509Certificate x509Certificate = (X509Certificate) sSLSocket2.getSession().getPeerCertificates()[0];
                if (logger.isDebugEnabled()) {
                    try {
                        logger.debug("Got peer cert of <" + str + ">,\nName: " + x509Certificate.getSubjectX500Principal().getName() + "\nIssued by: " + x509Certificate.getIssuerX500Principal().getName());
                    } catch (Exception e) {
                        Log.logException("Problem with certificate for <" + str + ">", e, logger);
                        if (sSLSocket2 != null) {
                            try {
                                sSLSocket2.close();
                            } catch (IOException e2) {
                                return null;
                            }
                        }
                        return null;
                    }
                }
                if (sSLSocket2 != null) {
                    try {
                        sSLSocket2.close();
                    } catch (IOException e3) {
                    }
                }
                return x509Certificate;
            } catch (Exception e4) {
                logger.debug("Can't get certificate for <" + str + ">", e4);
                if (0 != 0) {
                    try {
                        sSLSocket.close();
                    } catch (IOException e5) {
                        return null;
                    }
                }
                return null;
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    sSLSocket.close();
                } catch (IOException e6) {
                    throw th;
                }
            }
            throw th;
        }
    }

    public static boolean isAccessControlEnabled() {
        if (isAccessControlEnabled == null) {
            isAccessControlEnabled = Boolean.valueOf(Boolean.parseBoolean(Kernel.getKernel().getProperty(ISecurityProperties.UAS_CHECKACCESS, "false")));
        }
        return isAccessControlEnabled.booleanValue();
    }

    public static void setAccessControlEnabled(boolean z) {
        isAccessControlEnabled = Boolean.valueOf(z);
        Kernel.getKernel().setProperty(ISecurityProperties.UAS_CHECKACCESS, "true");
    }

    public static synchronized boolean isProxyModeEnabled() {
        if (isProxyModeEnabled == null) {
            isProxyModeEnabled = Boolean.valueOf(Boolean.parseBoolean(Kernel.getKernel().getProperty(ISecurityProperties.UAS_AUTHORISER_PROXY_SUPPORT, "false")));
        }
        return isProxyModeEnabled.booleanValue();
    }

    public static synchronized String getAuthoriserConnectionStatus() throws Exception {
        if (attributeSource == null) {
            createAttributeSource();
        }
        return attributeSource.getStatusDescription();
    }

    public static synchronized IAttributeSource getAtributeSource() throws Exception {
        if (attributeSource == null) {
            createAttributeSource();
        }
        return attributeSource;
    }

    public static boolean isProxyDN(String str) {
        return pattern.matcher(str).find();
    }

    public static void addSOAPActionsRequiringSignatures(String... strArr) {
        actionsRequiringSignatures.addAll(Arrays.asList(strArr));
    }

    public static boolean needSignature(String str) {
        if (str == null) {
            return false;
        }
        boolean contains = actionsRequiringSignatures.contains(str);
        logger.debug("Check <" + str + "> = " + contains);
        return contains;
    }
}
