package com.sun.enterprise.iiop.security;

import com.sun.corba.ee.org.omg.CSI.AuthorizationElement;
import com.sun.corba.ee.org.omg.CSI.EstablishContext;
import com.sun.corba.ee.org.omg.CSI.GSS_NT_ExportedNameHelper;
import com.sun.corba.ee.org.omg.CSI.IdentityToken;
import com.sun.corba.ee.org.omg.CSI.SASContextBody;
import com.sun.corba.ee.org.omg.CSI.SASContextBodyHelper;
import com.sun.corba.ee.org.omg.CSI.X501DistinguishedNameHelper;
import com.sun.corba.ee.org.omg.CSI.X509CertificateChainHelper;
import com.sun.enterprise.security.auth.login.PasswordCredential;
import com.sun.enterprise.security.auth.login.X509CertificateCredential;
import com.sun.enterprise.util.LocalStringManagerImpl;
import com.sun.enterprise.util.ORBManager;
import com.sun.jdo.spi.persistence.utility.generator.JavaClassWriterHelper;
import com.sun.logging.LogDomains;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.LocalObject;
import org.omg.CORBA.ORB;
import org.omg.CORBA.Object;
import org.omg.IOP.Codec;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ClientRequestInfo;
import org.omg.PortableInterceptor.ClientRequestInterceptor;
import org.omg.PortableInterceptor.ForwardRequest;
import sun.rmi.rmic.iiop.Constants;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.x509.X500Name;

/* loaded from: input_file:119167-13/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/enterprise/iiop/security/SecClientRequestInterceptor.class */
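/**
 * CSIv2 client-side request interceptor.
 * <p>
 * On every outgoing request it asks the {@link SecurityService} for the
 * {@link SecurityContext} that applies to the target, builds a SAS
 * {@code EstablishContext} message (client authentication token plus identity
 * token) and attaches it as a request service context under
 * {@link #SECURITY_ATTRIBUTE_SERVICE_ID}. On the reply it decodes the SAS
 * element returned by the server and reports the outcome to the security
 * service via {@code receivedReply}.
 * <p>
 * This listing was recovered from a compiled class. The compiler-generated
 * {@code class$...} caches of the original have been replaced by the class
 * literals they stood for, and the unqualified {@code Object} ambiguity caused
 * by the {@code org.omg.CORBA.Object} import is resolved explicitly.
 * <p>
 * Thread-safety: one instance serves all client threads; {@code orb} and
 * {@code secsvc} are plain fields rewritten on every request — presumably
 * harmless because both come from process-wide singletons (TODO confirm).
 */
public class SecClientRequestInterceptor extends LocalObject implements ClientRequestInterceptor {
    /** Service context id of the CSIv2 Security Attribute Service (SAS) element. */
    protected static final int SECURITY_ATTRIBUTE_SERVICE_ID = 15;

    private static final Logger _logger = LogDomains.getLogger(LogDomains.CORBA_LOGGER);
    private static final LocalStringManagerImpl localStrings =
            new LocalStringManagerImpl(SecClientRequestInterceptor.class);

    /** Interceptor name reported through {@link #name()}. */
    private final String name;
    /** Log prefix: the interceptor name followed by the IDL scope separator. */
    private final String prname;
    /** CDR codec used to encode/decode SAS context elements. */
    private final Codec codec;
    /** Refreshed from {@link ORBManager} on each request. */
    private ORB orb;
    /** Refreshed from {@link Csiv2Manager} on each request; may be null. */
    private SecurityService secsvc;

    /**
     * @param str   the interceptor name reported by {@link #name()}
     * @param codec the CDR codec used for SAS context elements
     */
    public SecClientRequestInterceptor(String str, Codec codec) {
        this.name = str;
        this.codec = codec;
        // The decompiler resolved the separator literal to this rmic constant; the
        // reference is kept so the log prefix stays byte-identical.
        this.prname = str + Constants.IDL_NAME_SEPARATOR;
    }

    /** @return the interceptor name given at construction */
    public String name() {
        return this.name;
    }

    /**
     * Returns the single credential contained in {@code set}.
     * <p>
     * Public only because the decompiled form widened it (it is called from the
     * privileged action inside {@link #send_request}); treat it as internal.
     *
     * @param set credentials of one class taken from the subject
     * @param cls the credential class, used for logging only
     * @return the sole element of {@code set}
     * @throws SecurityException if {@code set} does not hold exactly one element
     */
    public java.lang.Object getCred(Set set, Class cls) {
        String className = cls.getName();
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Checking for a single instance of class in subject");
            _logger.log(Level.FINE, "    Classname = " + className);
        }
        // Exactly one credential of the requested class is required; anything else is
        // treated as a misconfigured subject rather than picking one arbitrarily.
        if (set.size() != 1) {
            if (_logger.isLoggable(Level.SEVERE)) {
                _logger.log(Level.SEVERE, "iiop.multiple_credset",
                        new java.lang.Object[]{Integer.valueOf(set.size()), className});
            }
            throw new SecurityException(localStrings.getLocalString(
                    "secclientreqinterceptor.inv_credlist_size", "Credential list size is not 1."));
        }
        java.lang.Object cred = set.iterator().next();
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Verified single instance of class ( " + className + " )");
        }
        return cred;
    }

    /**
     * Builds the client authentication token of the EstablishContext message.
     * <p>
     * Only {@link PasswordCredential} is supported and is turned into a GSSUP token;
     * any other credential class yields an empty token (no client authentication).
     *
     * @param cred the credential obtained through {@link #getCred}
     * @param cls  the credential class named by the security context
     * @return the encoded GSSUP token, or an empty array
     * @throws Exception propagated from GSSUP token construction
     */
    private byte[] createAuthToken(java.lang.Object cred, Class cls) throws Exception {
        if (!PasswordCredential.class.isAssignableFrom(cls)) {
            return new byte[0];
        }
        _logger.log(Level.FINE, "Constructing a PasswordCredential client auth token");
        // NOTE(review): the GSSUP token embeds the credential itself; nothing in this
        // interceptor protects it in transit — that is up to the transport configuration.
        return GSSUPToken.getClientSideInstance(this.orb, this.codec, (PasswordCredential) cred).getGSSToken();
    }

    /**
     * Builds the identity token (caller identity assertion) of the EstablishContext message.
     * <p>
     * The union branch follows the credential class: {@link X500Name} → {@code dn},
     * {@link X509CertificateCredential} → {@code certificate_chain},
     * {@code AnonCredential} → {@code anonymous}, {@code GSSUPName} → {@code principal_name}.
     *
     * @param cred the credential obtained through {@link #getCred}
     * @param cls  the credential class named by the security context
     * @return the identity token; no branch is set when {@code cls} matches none of the above
     * @throws Exception propagated from DER or CDR encoding
     */
    private IdentityToken createIdToken(java.lang.Object cred, Class cls) throws Exception {
        // DerOutputStream/DerValue/X500Name are JDK-internal (sun.security.*) APIs and are
        // not accessible under the module system without explicit exports.
        DerOutputStream der = new DerOutputStream();
        Any any = this.orb.create_any();
        IdentityToken token = new IdentityToken();
        if (X500Name.class.isAssignableFrom(cls)) {
            _logger.log(Level.FINE, "Constructing an X500 DN Identity Token");
            ((X500Name) cred).encode(der);
            X501DistinguishedNameHelper.insert(any, der.toByteArray());
            token.dn(this.codec.encode_value(any));
        } else if (X509CertificateCredential.class.isAssignableFrom(cls)) {
            _logger.log(Level.FINE, "Constructing an X509 Certificate Chain Identity Token");
            X509Certificate[] chain = ((X509CertificateCredential) cred).getX509CertificateChain();
            _logger.log(Level.FINE, "Certchain length = " + chain.length);
            // The chain is sent as a DER SEQUENCE of the certificates' own DER encodings.
            DerValue[] encodedChain = new DerValue[chain.length];
            for (int i = 0; i < chain.length; i++) {
                encodedChain[i] = new DerValue(chain[i].getEncoded());
            }
            der.putSequence(encodedChain);
            X509CertificateChainHelper.insert(any, der.toByteArray());
            token.certificate_chain(this.codec.encode_value(any));
        } else if (AnonCredential.class.isAssignableFrom(cls)) {
            _logger.log(Level.FINE, "Constructing an Anonymous Identity Token");
            token.anonymous(true);
        } else if (GSSUPName.class.isAssignableFrom(cls)) {
            _logger.log(Level.FINE, "Constructing a GSS Exported name Identity Token");
            GSS_NT_ExportedNameHelper.insert(any, ((GSSUPName) cred).getExportedName());
            token.principal_name(this.codec.encode_value(any));
        }
        // NOTE(review): when cls matches no branch the caller goes on to encode an
        // uninitialised union — confirm that is the intended behaviour.
        return token;
    }

    /**
     * Attaches a SAS EstablishContext service context to the outgoing request.
     * <p>
     * Does nothing when no {@link SecurityService} is available or when the service has
     * no {@link SecurityContext} for the target. Otherwise the context's {@code authcls}
     * and {@code identcls} select the subject credentials used to build the
     * authentication and identity tokens.
     *
     * @param clientRequestInfo the outgoing request
     * @throws SecurityException if a token cannot be built or the message cannot be CDR-encoded
     * @throws RuntimeException  if the security service rejects the target's identity token or mechanism
     */
    public void send_request(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "++++ Entered " + this.prname + "send_request" + JavaClassWriterHelper.parenthesis_);
        }
        this.secsvc = Csiv2Manager.getSecurityService();
        this.orb = ORBManager.getORB();
        if (this.secsvc == null) {
            _logger.log(Level.WARNING, "iiop.no_security_service");
            return;
        }
        try {
            final SecurityContext sCtx = this.secsvc.getSecurityContext(clientRequestInfo.effective_target());
            if (sCtx == null) {
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, "Security context is null (nothing to add to service context)");
                }
                return;
            }

            byte[] authToken = new byte[0];
            if (sCtx.authcls != null) {
                try {
                    // Private credentials are read inside doPrivileged, presumably because
                    // Subject access can be guarded by a SecurityManager in this deployment.
                    java.lang.Object cred = AccessController.doPrivileged(new PrivilegedAction<java.lang.Object>() {
                        public java.lang.Object run() {
                            return getCred(sCtx.subject.getPrivateCredentials(sCtx.authcls), sCtx.authcls);
                        }
                    });
                    authToken = createAuthToken(cred, sCtx.authcls);
                } catch (Exception e) {
                    _logger.log(Level.SEVERE, "iiop.createauthtoken_exception", e);
                    throw new SecurityException(localStrings.getLocalString(
                            "secclientreqinterceptor.err_authtok_create",
                            "Error while constructing an authentication token."));
                }
            }

            IdentityToken idToken;
            if (sCtx.identcls != null) {
                try {
                    java.lang.Object cred = getCred(sCtx.subject.getPublicCredentials(sCtx.identcls), sCtx.identcls);
                    idToken = createIdToken(cred, sCtx.identcls);
                } catch (Exception e) {
                    _logger.log(Level.SEVERE, "iiop.createidtoken_exception", e);
                    throw new SecurityException(localStrings.getLocalString(
                            "secclientreqinterceptor.err_idtok_create",
                            "Error while constructing an identity token."));
                }
            } else {
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, "Constructing an Absent Identity Token");
                }
                idToken = new IdentityToken();
                idToken.absent(true);
            }

            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "Creating an EstablishContext message");
            }
            // client_context_id 0 denotes a stateless context (CSIv2); no authorization
            // elements are ever sent.
            EstablishContext establish = new EstablishContext(0L, new AuthorizationElement[0], idToken, authToken);
            SASContextBody body = new SASContextBody();
            body.establish_msg(establish);
            Any any = this.orb.create_any();
            SASContextBodyHelper.insert(any, body);
            try {
                ServiceContext sc = new ServiceContext();
                sc.context_id = SECURITY_ATTRIBUTE_SERVICE_ID;
                sc.context_data = this.codec.encode_value(any);
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, "Adding EstablishContext message to service context list");
                }
                // replace=false: an element with this id must not already be present.
                clientRequestInfo.add_request_service_context(sc, false);
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, "Added EstablishContext message to service context list");
                }
            } catch (Exception e) {
                _logger.log(Level.SEVERE, "iiop.encode_exception", e);
                throw new SecurityException(localStrings.getLocalString(
                        "secclientreqinterceptor.err_cdr_encode",
                        "CDR Encoding error for a SAS context element."));
            }
        } catch (InvalidIdentityTokenException e) {
            _logger.log(Level.SEVERE, "iiop.runtime_exception", e);
            // Same message as before, but the cause is now preserved for diagnostics.
            throw new RuntimeException(e.getMessage(), e);
        } catch (InvalidMechanismException e) {
            _logger.log(Level.SEVERE, "iiop.sec_context_exception", e);
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /** No-op: nothing is attached to polling requests. */
    public void send_poll(ClientRequestInfo clientRequestInfo) {
    }

    /**
     * Reports the outcome of a request to the security service.
     *
     * @param status the mapped status (see {@link #mapreplyStatus})
     * @param target the effective target of the request the reply belongs to
     */
    private void setreplyStatus(int status, org.omg.CORBA.Object target) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Status to be set : " + status);
        }
        this.secsvc = Csiv2Manager.getSecurityService();
        if (this.secsvc == null) {
            _logger.log(Level.WARNING, "iiop.no_security_service");
            return;
        }
        this.secsvc.receivedReply(status, target);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Invoked receivedReply()");
        }
    }

    /**
     * Maps a PortableInterceptor reply status to the status code understood by
     * {@code SecurityService.receivedReply}.
     * <p>
     * SUCCESSFUL (0) and USER_EXCEPTION (2) map to 0, SYSTEM_EXCEPTION (1) to 1,
     * LOCATION_FORWARD (3) and TRANSPORT_RETRY (4) to 2; anything else passes through
     * unchanged. The meaning of the target codes is defined by the security service
     * (presumably passed / failed / retry — confirm against {@link SecurityContext}).
     *
     * @param replyStatus the value of {@code ClientRequestInfo.reply_status()}
     * @return the mapped status
     */
    private int mapreplyStatus(int replyStatus) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Reply status to be mapped =  " + replyStatus);
        }
        int mapped;
        switch (replyStatus) {
            case 0:
            case 2:
                mapped = 0;
                break;
            case 1:
                mapped = 1;
                break;
            case 3:
            case 4:
                mapped = 2;
                break;
            default:
                mapped = replyStatus;
                break;
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Mapped reply status = " + mapped);
        }
        return mapped;
    }

    /**
     * Verifies the SAS reply element and reports the request outcome to the security service.
     * <p>
     * A reply without a SAS element is treated as status 0. A decode failure or a reply
     * message other than CompleteEstablishContext / ContextError is a protocol violation
     * and raises {@link SecurityException}. Previously that exception was first
     * re-labelled as a decode error and then swallowed by an enclosing catch, so an
     * invalid reply was logged but never enforced; the "no SAS element" handler was also
     * unreachable because {@code catch (Exception)} preceded {@code catch (BAD_PARAM)}.
     *
     * @param clientRequestInfo the request whose reply arrived
     * @throws SecurityException if the SAS element cannot be decoded or has an unexpected message type
     */
    public void receive_reply(ClientRequestInfo clientRequestInfo) {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "++++ Entered " + this.prname + "receive_reply");
        }
        this.orb = ORBManager.getORB();

        ServiceContext serviceContext;
        try {
            serviceContext = clientRequestInfo.get_reply_service_context(SECURITY_ATTRIBUTE_SERVICE_ID);
        } catch (BAD_PARAM e) {
            // BAD_PARAM is how the ORB reports "no such service context".
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "No SAS context element found in service context list");
            }
            setreplyStatus(0, clientRequestInfo.effective_target());
            return;
        } catch (Exception e) {
            // Best-effort, as in the original: failing to read the element is logged only.
            _logger.log(Level.SEVERE, "iiop.service_context_exception", e);
            return;
        }

        short discriminator;
        try {
            discriminator = SASContextBodyHelper.extract(
                    this.codec.decode_value(serviceContext.context_data, SASContextBodyHelper.type())).discriminator();
        } catch (Exception e) {
            _logger.log(Level.SEVERE, "iiop.decode_exception", e);
            throw new SecurityException(localStrings.getLocalString(
                    "secclientreqinterceptor.err_cdr_decode",
                    "CDR Decoding error for SAS context element."));
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Received " + SvcContextUtils.getMsgname(discriminator) + " message");
            _logger.log(Level.FINE, "Verifying the SAS protocol reply message");
        }
        // 1 = MTCompleteEstablishContext, 4 = MTContextError (CSI SASContextBody discriminators).
        if (discriminator == 1 || discriminator == 4) {
            setreplyStatus(mapreplyStatus(clientRequestInfo.reply_status()), clientRequestInfo.effective_target());
        } else {
            _logger.log(Level.SEVERE, "iiop.invalid_reply_message");
            throw new SecurityException(localStrings.getLocalString(
                    "secclientreqinterceptor.err_not_cecec_msg",
                    "Reply message not one of CompleteEstablishContext or ContextError."));
        }
    }

    /** Logs entry only; exceptions from the target are not inspected here. */
    public void receive_exception(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "++++ Entered " + this.prname + "receive_exception");
        }
    }

    /** No-op. */
    public void receive_other(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
    }

    /** No-op: the interceptor holds no resources of its own. */
    public void destroy() {
    }
}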
