package org.ogf.graap.wsag.wsrf.impl;

import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import org.apache.muse.ws.resource.properties.ResourcePropertyCollection;
import org.apache.ws.security.WSSecurityException;
import org.apache.xmlbeans.XmlString;
import org.ogf.graap.wsag.api.Agreement;
import org.ogf.graap.wsag.api.WsagConstants;
import org.ogf.graap.wsag.server.api.WsagSession;
import org.ogf.graap.wsag.server.engine.WsagEngine;
import org.ogf.graap.wsag.wsrf.AbstractWsResource;
import org.w3.x2005.x08.addressing.EndpointReferenceType;

/* loaded from: input_file:org/ogf/graap/wsag/wsrf/impl/AgreementWsResource.class */
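/**
 * WS resource that wraps an {@link Agreement} and gates access to it by the X.509 subject DN
 * recorded in the agreement's execution context under {@code wsag4j.security.dn}.
 *
 * <p>The owner DN is written by {@link #setSubject(Subject)} and compared against the caller's
 * DN in {@link #getAgreement()}.
 */
public class AgreementWsResource extends AbstractWsResource {
    /** Execution-context key under which the owner's DN is stored. */
    private static final String WSAG4J_SECURITY_DN = "wsag4j.security.dn";

    /** Message-context key from which the caller's {@link Subject} is read. */
    private static final String USER_SUBJECT_KEY = "http://de.fraunhofer.scai.wsag4j/security/user-subject";

    private Agreement agreement;
    private WsagSession session;
    private EndpointReferenceType factoryEPR;

    // Owner DN as last read from, or written to, the execution context.
    private String subjectDN;

    // True once subjectDN has been loaded from the execution context.
    private boolean subjectInitiatlized;

    /**
     * Loads the owner DN from the agreement's execution context, once.
     *
     * <p>Fails closed: if the context holds no {@link XmlString} under
     * {@code wsag4j.security.dn}, an exception is thrown rather than treating the agreement
     * as owner-less.
     *
     * @throws IllegalStateException if the stored entry is missing or not an {@link XmlString}
     * @throws RuntimeException if the execution context cannot be read
     */
    private void initializeSubjectDN() {
        if (this.subjectInitiatlized) {
            return;
        }
        final Object storedDn;
        try {
            storedDn = this.agreement.getAgreementInstance().getExecutionContext().get(WSAG4J_SECURITY_DN);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        // Explicit check instead of relying on a wrapped NullPointerException/ClassCastException:
        // the failure is still a refusal, but the cause is visible to whoever reads the log.
        if (!(storedDn instanceof XmlString)) {
            throw new IllegalStateException(
                    "no '" + WSAG4J_SECURITY_DN + "' entry of type XmlString in the agreement execution context");
        }
        this.subjectDN = ((XmlString) storedDn).getStringValue();
        this.subjectInitiatlized = true;
    }

    /**
     * Records the DN of {@code subject} as the owner of the agreement, both in the execution
     * context and in this resource.
     *
     * <p>The in-memory DN is updated only after the execution context accepted the new value,
     * so a failure cannot leave the two out of step.
     *
     * @param subject the authenticated subject; may be {@code null}
     * @throws RuntimeException if the DN cannot be resolved or stored
     */
    public void setSubject(Subject subject) {
        final String resolvedDn;
        try {
            resolvedDn = resolveSubjectDN(subject);
            // resolvedDn is null for a null subject or one without an X.509 credential.
            // NOTE(review): confirm how XmlString.Factory.newValue treats a null argument.
            this.agreement.getAgreementInstance().getExecutionContext().put(WSAG4J_SECURITY_DN, XmlString.Factory.newValue(resolvedDn));
        } catch (Exception e) {
            throw new RuntimeException("failed to resolve authenticated user DN", e);
        }
        this.subjectDN = resolvedDn;
    }

    /**
     * Returns the subject DN of an X.509 certificate among the subject's public credentials.
     *
     * @param subject the subject to inspect; may be {@code null}
     * @return the DN string, or {@code null} if {@code subject} is {@code null} or holds no
     *         {@link X509Certificate} public credential
     */
    private String resolveSubjectDN(Subject subject) {
        if (subject == null) {
            return null;
        }
        // NOTE(review): the first element of a Set is taken. If a Subject can carry more than
        // one certificate (for example a chain), which DN is used is not pinned down here.
        Iterator<X509Certificate> certificates = subject.getPublicCredentials(X509Certificate.class).iterator();
        if (certificates.hasNext()) {
            // getSubjectDN().toString() is kept as is: stored DNs are compared by exact string
            // equality, so switching to another DN rendering would stop existing owners matching.
            return certificates.next().getSubjectDN().toString();
        }
        return null;
    }

    /**
     * Returns the agreement if the caller is allowed to see it.
     *
     * <p>The caller's {@link Subject} is read from the WSAG message context. Access is granted
     * when the caller's DN equals the recorded owner DN, or, when either of the two is missing,
     * when {@code WsagEngine.isAllowAnonymousAccess()} is true.
     *
     * @return the wrapped agreement
     * @throws WSSecurityException if the caller is not the recorded owner and anonymous access
     *         does not apply
     */
    public Agreement getAgreement() throws WSSecurityException {
        Subject subject = (Subject) WsagEngine.getWsagMessageContext().get(USER_SUBJECT_KEY);

        // No ownership check while the resource is not yet initialized.
        // NOTE(review): confirm this state cannot be reached by a remote request.
        if (!isInitialized()) {
            return this.agreement;
        }

        initializeSubjectDN();

        if (subject == null || this.subjectDN == null) {
            // With anonymous access enabled, a caller without a subject is also let through
            // for agreements that do have a recorded owner; the switch disables the owner check
            // for unauthenticated callers altogether.
            if (WsagEngine.isAllowAnonymousAccess()) {
                return this.agreement;
            }
        } else if (this.subjectDN.equals(resolveSubjectDN(subject))) {
            return this.agreement;
        }

        // NOTE(review): the message carries Subject.toString() and the owner's DN. If it is
        // returned to the caller in a fault, a rejected caller learns who owns the agreement;
        // confirm how WSSecurityException is rendered, and prefer logging the detail server-side.
        throw new WSSecurityException(MessageFormat.format("The authenticated user does not match the creator of the agreement instance.\nauthenticated: {0}\nexpected: {1}", subject, this.subjectDN));
    }

    /**
     * Sets the wrapped agreement.
     *
     * @param agreement the agreement this resource exposes
     */
    public void setAgreement(Agreement agreement) {
        this.agreement = agreement;
    }

    /**
     * Sets the session associated with this resource.
     *
     * @param wsagSession the session to store
     */
    public void setSession(WsagSession wsagSession) {
        this.session = wsagSession;
    }

    /**
     * @return the session associated with this resource, or {@code null} if none was set
     */
    public WsagSession getSession() {
        return this.session;
    }

    /**
     * @return {@code WsagConstants.WSAG_AGREEMENT_QNAME}
     */
    @Override
    public QName getInterfaceName() {
        return WsagConstants.WSAG_AGREEMENT_QNAME;
    }

    /**
     * @return the endpoint reference stored by {@link #setFactoryEPR(EndpointReferenceType)},
     *         or {@code null} if none was set
     */
    public EndpointReferenceType getFactoryEPR() {
        return this.factoryEPR;
    }

    /**
     * Stores the factory endpoint reference.
     *
     * @param endpointReferenceType the endpoint reference to store
     */
    public void setFactoryEPR(EndpointReferenceType endpointReferenceType) {
        this.factoryEPR = endpointReferenceType;
    }

    /**
     * @return a new {@code AgreementPropertiesCollection} bound to this resource
     */
    protected ResourcePropertyCollection createPropertyCollection() {
        return new AgreementPropertiesCollection(this);
    }
}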
