package de.fzj.unicore.wsrflite.security;

import de.fzj.unicore.wsrflite.security.util.ResourceDescriptor;
import eu.unicore.security.AuthenticationException;
import eu.unicore.security.SecurityTokens;
import eu.unicore.security.SignatureStatus;
import eu.unicore.util.Log;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.log4j.Logger;

/* loaded from: input_file:de/fzj/unicore/wsrflite/security/DSignCheck.class */
public class DSignCheck {
    private static final Logger logger = Log.getLogger("unicore.security", DSignCheck.class);
    private final List<String> actionsRequiringSignatures = new ArrayList();
    private boolean dsigCheckingEnabled;

    public DSignCheck(boolean z) {
        logger.debug("Initialise checking of digital signature status.");
        this.dsigCheckingEnabled = z;
    }

    public void addSOAPActionsRequiringSignatures(String... strArr) {
        this.actionsRequiringSignatures.addAll(Arrays.asList(strArr));
    }

    public boolean needSignature(String str) {
        if (str == null || !this.dsigCheckingEnabled) {
            return false;
        }
        boolean contains = this.actionsRequiringSignatures.contains(str);
        logger.debug("Checking signatures for <" + str + "> = " + contains);
        return contains;
    }

    public void checkDigitalSignature(SecurityTokens securityTokens, String str, ResourceDescriptor resourceDescriptor) throws AuthenticationException {
        String str2 = null;
        if (resourceDescriptor != null && resourceDescriptor.getServiceName() != null && str != null) {
            str2 = resourceDescriptor.getServiceName() + "." + str;
        }
        String str3 = (String) securityTokens.getContext().get("REQUEST.soapAction");
        if (SignatureStatus.WRONG.equals(securityTokens.getMessageSignatureStatus())) {
            String str4 = "Non repudiation/integrity check failed on <" + resourceDescriptor.toString() + ">: digital signature is present but INVALID";
            logger.info(str4);
            throw new AuthenticationException(str4);
        }
        if (SignatureStatus.OK.equals(securityTokens.getMessageSignatureStatus())) {
            logger.debug("Non repudiation/integrity check was SUCCESSFUL on <" + resourceDescriptor.toString() + ">");
            return;
        }
        logger.debug("Checking whether signature verification is mandatory for invocation of [soap action=<" + str3 + "> or method=<" + str2 + ">]");
        if (needSignature(str3) || needSignature(str2)) {
            logger.debug("Signature verification is mandatory for invocation of [soap action=<" + str3 + "> or method=<" + str2 + ">]");
            String str5 = "Non repudiation/integrity check failed on <" + resourceDescriptor.toString() + ">: signature is required for <" + str + ">";
            logger.info(str5);
            throw new AuthenticationException(str5);
        }
    }
}
