package com.ibm.ISecurityLocalObjectBaseL13Impl;

import com.ibm.CORBA.iiop.ExtendedClientRequestInfo;
import com.ibm.CORBA.iiop.ExtendedORBInitInfo;
import com.ibm.CORBA.iiop.ORB;
import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.ClientSessionKey;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionEntry;
import com.ibm.ISecurityUtilityImpl.ConfigURLProperties;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ws.connmgmt.ConnectionHandle;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.orb.transport.ConnectionData;
import com.ibm.ws.orbimpl.transport.ConnectionInformationImpl;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.orbssl.ExtendedSSLConnectionData;
import javax.security.auth.Subject;
import org.omg.CORBA.Object;
import org.omg.CSI.IdentityToken;
import org.omg.CSI.SASContextBody;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ClientRequestInfo;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.ORBInitInfo;
import org.omg.PortableInterceptor.RequestInfo;

/* loaded from: input_file:ws_runtime.jar:com/ibm/ISecurityLocalObjectBaseL13Impl/CSIClientRI.class */
public class CSIClientRI extends CSIClientRIBase {
    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase, com.ibm.ISecurityLocalObjectBaseL13Impl.CSIORBInit
    public void pre_init(ORBInitInfo oRBInitInfo) {
        super.pre_init(oRBInitInfo);
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIClientRI.pre_init");
        }
        if (ConfigURLProperties.isSecurityEnabled()) {
            SecurityLogger.logAudit("CSIClientRI.pre_init", "security.ClientCSI");
            try {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRI.pre_init", "Registering client request interceptor.");
                }
                this.slotid = oRBInitInfo.allocate_slot_id();
                ((ExtendedORBInitInfo) oRBInitInfo).add_client_request_interceptor(this, false);
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.pre_init", "267", this);
                SecurityLogger.debugMessage("CSIClientRI.pre_init", "An exception has been thrown registering the interceptor.");
                SecurityLogger.logException("CSIClientRI.pre_init", e, 0, 0);
            }
        }
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIClientRI.pre_init");
        }
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase, com.ibm.ISecurityLocalObjectBaseL13Impl.CSIORBInit
    public void post_init(ORBInitInfo oRBInitInfo) {
        super.post_init(oRBInitInfo);
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase
    public void send_request(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        String localHost;
        ConnectionHandle connectionHandle;
        if (SecurityLogger.debugTraceEnabled) {
            entry(clientRequestInfo, "CSIClientRI.send_request");
        }
        CurrentImpl current = this.csiUtil.getCurrent();
        CSIv2EffectivePerformPolicy effectivePolicy = current.getEffectivePolicy();
        current.setEffectivePolicy(null);
        String str = "";
        ConnectionData connectionData = null;
        ConnectionInformationImpl connectionInformationImpl = (ConnectionInformationImpl) ((ExtendedClientRequestInfo) clientRequestInfo).getConnectionData();
        if (connectionInformationImpl != null) {
            connectionData = (ConnectionData) connectionInformationImpl.getConnectionData();
        }
        boolean z = false;
        if (connectionData != null) {
            if (!(connectionData instanceof ExtendedSSLConnectionData)) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRI.send_request", new StringBuffer().append("Invalid cdata class: ").append(connectionData).toString());
                    return;
                }
                return;
            }
            str = connectionData.getConnectionKey();
            if (str == null && (connectionHandle = (ConnectionHandle) connectionData.getConnectionHandle()) != null && connectionHandle.getIsLocalComm()) {
                str = connectionHandle.toString();
                connectionData.setConnectionKey(str);
                z = true;
            }
            if (effectivePolicy == null) {
                effectivePolicy = ((ExtendedSSLConnectionData) connectionData).getEffectivePolicy();
            }
        }
        this.myVault.put_effective_policy(clientRequestInfo.request_id(), effectivePolicy);
        if (!qualifyClientRequest(clientRequestInfo, effectivePolicy)) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRI.send_request", "Returning from send_request without authenticating.");
            }
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.send_request");
                return;
            }
            return;
        }
        CSICredentialsManager cSICredentialsManager = new CSICredentialsManager();
        boolean performClientAuthentication = effectivePolicy.performClientAuthentication();
        boolean performIdentityAssertion = effectivePolicy.performIdentityAssertion();
        SessionEntry sessionEntry = null;
        ClientSessionKey clientSessionKey = null;
        long j = 0;
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRI.send_request", new StringBuffer().append("Identity assertion: ").append(performIdentityAssertion).append(",  client authentication: ").append(performClientAuthentication).append(",  authorization token: ").append(effectivePolicy.performAuthorizationToken()).toString());
        }
        if (performClientAuthentication || performIdentityAssertion) {
            effectivePolicy.getTargetHostName();
            String realm = RealmSecurityName.getRealm(effectivePolicy.getTargetSecurityName());
            if (realm == null || realm.equals("")) {
                realm = effectivePolicy.getTargetSecurityName();
            }
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRI.send_request", "Retrieving Subject from thread or login.");
            }
            Subject retrieveSubject = retrieveSubject(realm, effectivePolicy, cSICredentialsManager);
            if (retrieveSubject == null) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRI.send_request", "Subject is null, sending unauthenticated request.");
                }
                if (SecurityLogger.debugEntryEnabled) {
                    SecurityLogger.debugExit("CSIClientRI.send_request");
                    return;
                }
                return;
            }
            SubjectHelper.getWSCredentialFromSubject(retrieveSubject);
            if (effectivePolicy.isStateful()) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRI.send_request", "Starting session evaluation.");
                }
                int i = 0;
                if (z) {
                    localHost = "";
                } else {
                    localHost = connectionData.getLocalHost();
                    i = connectionData.getLocalPort();
                }
                sessionEntry = determineStatefulContextID(realm, effectivePolicy, this.sessionMgr, clientRequestInfo, retrieveSubject, connectionData.getConnectionKey(), localHost, i);
                if (sessionEntry == null) {
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("CSIClientRI.send_request", "EstablishContext message has been set in the request.");
                    }
                    if (SecurityLogger.debugEntryEnabled) {
                        SecurityLogger.debugExit("CSIClientRI.send_request");
                        return;
                    }
                    return;
                }
                clientSessionKey = sessionEntry.get_client_session_key();
                j = sessionEntry.get_client_context_id();
                if (sessionEntry.get_renegotiate_to_stateless()) {
                    j = 0;
                    sessionEntry.reset_renegotiate_to_stateless();
                }
            } else if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRI.send_request", "This is a stateless request.");
            }
            effectivePolicy.setStatefulContextID(j);
            effectivePolicy.setClientSessionKey(clientSessionKey);
            if (effectivePolicy.performAuthorizationToken() || this.secConfig.isRMIOutboundLoginEnabled()) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRI.send_request", "Calling JAAS login to map or create opaque authorization token.");
                }
                retrieveSubject = mapOutboundOrCreateOAT(retrieveSubject, effectivePolicy);
            }
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRI.send_request", "Determining which SecurityContext to use (GSSUP or LTPA).");
            }
            SecurityContextImpl determineSecurityContextType = determineSecurityContextType(retrieveSubject, effectivePolicy, str, this.sessionMgr, sessionEntry);
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRI.send_request", "Setting the contents of the identity token.");
            }
            IdentityToken identityToken = new IdentityToken();
            setIdentityToken(identityToken, retrieveSubject, effectivePolicy, this.sessionMgr, sessionEntry);
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRI.send_request", "Setting the contents of the client authentication token and EstablishContext message.");
            }
            setSecurityContext(clientRequestInfo, determineSecurityContextType, identityToken, retrieveSubject, effectivePolicy, this.sessionMgr, sessionEntry, realm);
        } else if (effectivePolicy.performTLClientAuth() && connectionData.getConnectionType() == 1) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRI.send_request", "TLSClientAuth over SSL only, No security service returned.");
            }
        } else if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRI.send_request", "No security is required at csiv2 message and attribute layers.  No security context will be sent.");
        }
        if (effectivePolicy.isStateful() && sessionEntry != null && j != 0) {
            this.sessionMgr.csi_client_session_status_update(j, clientSessionKey, 6);
        }
        this.csiUtil.setUnauthenticatedToNullIfNeeded();
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRI.send_request", "*** SENDING REQUEST ***");
        }
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIClientRI.send_request");
        }
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase
    public void receive_reply(ClientRequestInfo clientRequestInfo) {
        if (SecurityLogger.debugTraceEnabled) {
            entry(clientRequestInfo, "CSIClientRI.receive_reply");
        }
        if (is_local_client_request(clientRequestInfo)) {
            receive_reply_local(clientRequestInfo);
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.receive_reply");
                return;
            }
            return;
        }
        CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy = this.myVault.get_effective_policy(clientRequestInfo.request_id());
        this.myVault.clear_effective_policy(clientRequestInfo.request_id());
        String name = clientRequestInfo.effective_target() != null ? clientRequestInfo.effective_target().getClass().getName() : "<unknown>";
        if (SecurityConnectionInterceptor.isSpecialNamingMethod(clientRequestInfo.operation(), name) || SecurityConnectionInterceptor.isSpecialSSLRequiredNamingMethod(clientRequestInfo.operation(), name) || ORB.isSpecialMethod(clientRequestInfo.operation())) {
            SecurityLogger.debugMessage("CSIClientRI.receive_reply", "Special naming method or other corba special method. Return from interceptor.");
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.receive_reply");
                return;
            }
            return;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRI.receive_reply", "*** RECEIVING REPLY ***");
        }
        if (cSIv2EffectivePerformPolicy != null) {
            SASContextBody sASContextBody = null;
            ServiceContext serviceContext = this.csiUtil.get_sc_from_reply((RequestInfo) clientRequestInfo);
            if (serviceContext != null) {
                sASContextBody = this.csiUtil.get_message_from_sc(serviceContext);
            }
            this.sessionMgr.csi_client_session_complete(sASContextBody, cSIv2EffectivePerformPolicy.isStateful(), cSIv2EffectivePerformPolicy.getStatefulContextID(), cSIv2EffectivePerformPolicy.getClientSessionKey());
            if (serviceContext != null && (cSIv2EffectivePerformPolicy.performClientAuthentication() || cSIv2EffectivePerformPolicy.performIdentityAssertion())) {
                SecurityContextImpl securityContextImpl = new com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl(this.myVault, "");
                securityContextImpl.csi_continue_security_context(clientRequestInfo, securityContextImpl);
            }
        } else if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRI.receive_reply", "Effective policy is null.");
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRI.receive_reply", "*** MESSAGE COMPLETED ***");
        }
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIClientRI.receive_reply");
        }
    }

    public void receive_reply_local(ClientRequestInfo clientRequestInfo) {
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase
    public void receive_exception(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        if (SecurityLogger.debugTraceEnabled) {
            entry(clientRequestInfo, "CSIClientRI.receive_exception");
        }
        if (is_local_client_request(clientRequestInfo)) {
            receive_exception_local(clientRequestInfo);
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.receive_exception");
                return;
            }
            return;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRI.receive_exception", "*** RECEIVING EXCEPTION ***");
            String read_detailed_message = this.csiUtil.read_detailed_message(clientRequestInfo);
            if (!read_detailed_message.equals("")) {
                SecurityLogger.debugMessage("CSIClientRI.receive_exception", new StringBuffer().append("The following exception was received from the server: ").append(read_detailed_message).toString());
            }
        }
        CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy = this.myVault.get_effective_policy(clientRequestInfo.request_id());
        this.myVault.clear_effective_policy(clientRequestInfo.request_id());
        if (cSIv2EffectivePerformPolicy != null) {
            SASContextBody sASContextBody = null;
            ServiceContext serviceContext = this.csiUtil.get_sc_from_reply((RequestInfo) clientRequestInfo);
            if (serviceContext != null) {
                sASContextBody = this.csiUtil.get_message_from_sc(serviceContext);
            }
            this.sessionMgr.csi_client_session_complete_exception(sASContextBody, cSIv2EffectivePerformPolicy.isStateful(), cSIv2EffectivePerformPolicy.getClientSessionKey());
            if (clientRequestInfo.reply_status() == 1) {
                this.sessionMgr.retry(clientRequestInfo);
            }
            if (serviceContext != null && (cSIv2EffectivePerformPolicy.performClientAuthentication() || cSIv2EffectivePerformPolicy.performIdentityAssertion())) {
                SecurityContextImpl securityContextImpl = new com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl(this.myVault, "");
                securityContextImpl.csi_continue_security_context(clientRequestInfo, securityContextImpl);
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRI.receive_exception", "*** MESSAGE COMPLETED ***");
                }
            }
        } else if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRI.receive_exception", "Effective policy is null.");
        }
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIClientRI.receive_exception");
        }
    }

    public void receive_exception_local(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase
    public void receive_other(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        if (SecurityLogger.debugTraceEnabled) {
            entry(clientRequestInfo, "CSIClientRI.receive_other");
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRI.receive_other", "*** RECEIVE OTHER ***");
        }
        if (is_local_client_request(clientRequestInfo)) {
            receive_other_local(clientRequestInfo);
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.receive_other");
                return;
            }
            return;
        }
        String name = clientRequestInfo.effective_target() != null ? clientRequestInfo.effective_target().getClass().getName() : "<unknown>";
        if (SecurityConnectionInterceptor.isSpecialNamingMethod(clientRequestInfo.operation(), name) || SecurityConnectionInterceptor.isSpecialSSLRequiredNamingMethod(clientRequestInfo.operation(), name) || ORB.isSpecialMethod(clientRequestInfo.operation())) {
            SecurityLogger.debugMessage("CSIClientRI.receive_other", "Special naming method or other corba special method. Return from interceptor.");
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRI.receive_other");
                return;
            }
            return;
        }
        CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy = this.myVault.get_effective_policy(clientRequestInfo.request_id());
        switch (clientRequestInfo.reply_status()) {
            case 0:
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRI.receive_other", "receive_other status: SUCCESSFUL.");
                }
                receive_reply(clientRequestInfo);
                break;
            case 3:
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRI.receive_other", "receive_other status: LOCATION_FORWARD.");
                }
                if (this.sessionMgr != null && cSIv2EffectivePerformPolicy != null) {
                    this.sessionMgr.csi_client_session_status_update(cSIv2EffectivePerformPolicy.getStatefulContextID(), cSIv2EffectivePerformPolicy.getClientSessionKey(), 7);
                    break;
                }
                break;
            default:
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRI.receive_other", new StringBuffer().append("receive_other status: ").append((int) clientRequestInfo.reply_status()).toString());
                }
                if (this.sessionMgr != null && cSIv2EffectivePerformPolicy != null) {
                    this.sessionMgr.csi_client_session_status_update(cSIv2EffectivePerformPolicy.getStatefulContextID(), cSIv2EffectivePerformPolicy.getClientSessionKey(), 7);
                    break;
                }
                break;
        }
        this.myVault.clear_effective_policy(clientRequestInfo.request_id());
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIClientRI.receive_other");
        }
    }

    public void receive_other_local(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
    }

    public void entry(ClientRequestInfo clientRequestInfo, String str) {
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry(str);
        }
        if (SecurityLogger.debugTraceEnabled) {
            StringBuffer stringBuffer = new StringBuffer(100);
            stringBuffer.append("Request_id: ").append(clientRequestInfo.request_id()).append(", ");
            Object effective_target = clientRequestInfo.effective_target();
            if (effective_target != null) {
                stringBuffer.append("class: ").append(effective_target.getClass().getName()).append(", ");
            }
            stringBuffer.append("operation: ").append(clientRequestInfo.operation());
            SecurityLogger.debugMessage(str, stringBuffer.toString());
        }
    }
}
