package com.ibm.ISecurityLocalObjectBaseL13Impl;

import com.ibm.CORBA.iiop.ExtendedClientRequestInfo;
import com.ibm.CORBA.iiop.ExtendedORBInitInfo;
import com.ibm.CORBA.iiop.ORB;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.ClientSessionKey;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionEntry;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.ws.connmgmt.ConnectionHandle;
import com.ibm.ws.orb.transport.ConnectionData;
import com.ibm.ws.orbimpl.transport.ConnectionInformationImpl;
import com.ibm.ws.security.config.CSIv2Config;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.orbssl.ExtendedSSLConnectionData;
import com.ibm.ws.util.PlatformHelperFactory;
import javax.security.auth.Subject;
import org.omg.CORBA.Object;
import org.omg.CSI.IdentityToken;
import org.omg.CSI.SASContextBody;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ClientRequestInfo;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.ORBInitInfo;
import org.omg.PortableInterceptor.RequestInfo;

/* loaded from: input_file:com/ibm/ISecurityLocalObjectBaseL13Impl/CSIClientRI.class */
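/**
 * Client-side CSIv2 request interceptor.
 *
 * <p>When {@code com.ibm.CORBA.securityEnabled} is set, {@link #pre_init} registers this object
 * with the ORB as a client request interceptor. {@link #send_request} then resolves the effective
 * CSIv2 policy for each outgoing request and, when the policy asks for client authentication or
 * identity assertion, builds the security context that is attached to the request. The
 * {@code receive_*} callbacks complete or update the client session state and release the policy
 * that {@code send_request} stored in the vault under the request id.
 *
 * <p>Helper methods called unqualified here ({@code qualifyClientRequest},
 * {@code retrieveSubject}, {@code determineStatefulContextID}, ...) and the fields
 * {@code csiUtil}, {@code myVault}, {@code sessionMgr} and {@code slotid} are not declared in this
 * class; they come from the superclass chain, which is not shown here.
 *
 * <p>Note on {@code Object}: this file imports {@code org.omg.CORBA.Object}, which shadows
 * {@code java.lang.Object}. Trace argument arrays are therefore spelled
 * {@code java.lang.Object[]} explicitly; a bare {@code Object[]} would be an array of CORBA
 * objects and could not hold a {@code String} or an {@code Exception}.
 */
public class CSIClientRI extends CSIClientRIBase {
    private static final TraceComponent tc = Tr.register((Class<?>) CSIClientRI.class, "SASRas", "com.ibm.ISecurityL13SupportImpl.sec");

    /**
     * Registers this interceptor with the ORB if CORBA security is enabled.
     *
     * @param oRBInitInfo ORB initialisation handle; cast to {@link ExtendedORBInitInfo} to register
     */
    @Override
    public void pre_init(ORBInitInfo oRBInitInfo) {
        super.pre_init(oRBInitInfo);
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "pre_init", new java.lang.Object[]{oRBInitInfo, this});
        }
        if (SecurityObjectLocator.getCSIv2Config().getBoolean("com.ibm.CORBA.securityEnabled")) {
            Tr.audit(tc, "security.ClientCSI");
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Registering client request interceptor.");
                }
                this.slotid = oRBInitInfo.allocate_slot_id();
                ((ExtendedORBInitInfo) oRBInitInfo).add_client_request_interceptor(this, false);
            } catch (Exception e) {
                // NOTE(review): a registration failure is recorded (FFDC + debug trace) but not
                // rethrown, so ORB initialisation continues without this interceptor even though
                // security is enabled. Confirm that this fail-open behaviour is intended.
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.pre_init", "%C", new java.lang.Object[]{this});
                Tr.debug(tc, "An exception has been thrown registering the interceptor.", new java.lang.Object[]{e});
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "pre_init");
        }
    }

    /**
     * Delegates to the superclass; no additional work is done here.
     *
     * @param oRBInitInfo ORB initialisation handle
     */
    @Override
    public void post_init(ORBInitInfo oRBInitInfo) {
        super.post_init(oRBInitInfo);
    }

    /**
     * Builds and attaches the CSIv2 security context for an outgoing request.
     *
     * <p>Steps, in order: resolve the effective policy (from the request on z/OS, from the
     * thread's {@code Current} otherwise, falling back to the connection's policy); store it in
     * the vault under the request id; ask {@code qualifyClientRequest} whether the request needs
     * security at all; obtain the caller's {@link Subject}; for stateful policies look up or start
     * a session; then set the identity token and security context on the request.
     *
     * <p>Several paths return early and leave the request without a security context; each is
     * marked below.
     *
     * @param clientRequestInfo the outgoing request; must also implement
     *     {@link ExtendedClientRequestInfo}
     * @throws ForwardRequest declared by the interceptor contract; nothing in this method throws
     *     it directly (helpers that are not shown may)
     */
    @Override
    public void send_request(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        if (tc.isDebugEnabled()) {
            entry(clientRequestInfo, "send_request");
        }
        CSIv2Config config = SecurityObjectLocator.getCSIv2Config();
        CurrentImpl current = this.csiUtil.getCurrent();

        CSIv2EffectivePerformPolicy policy = null;
        if (PlatformHelperFactory.getPlatformHelper().isZOS()) {
            try {
                policy = getEffectivePolicyFromClientRequestInfo(clientRequestInfo);
            } catch (Exception e) {
                // policy stays null here; the connection's policy is used below if there is one.
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.send_request", "%C", new java.lang.Object[]{this});
                Tr.debug(tc, "An exception has been thrown getting the effective policy from the ior.", new java.lang.Object[]{e});
            }
        } else {
            policy = current.getEffectivePolicy();
        }
        // The thread-level policy is consumed once per request.
        current.setEffectivePolicy(null);

        String connectionKey = "";
        ConnectionData connectionData = null;
        ConnectionInformationImpl connectionInfo = (ConnectionInformationImpl) ((ExtendedClientRequestInfo) clientRequestInfo).getConnectionData();
        if (connectionInfo != null) {
            connectionData = (ConnectionData) connectionInfo.getConnectionData();
        }
        boolean localComm = false;
        if (connectionData != null) {
            if (!(connectionData instanceof ExtendedSSLConnectionData)) {
                // NOTE(review): returns before any policy is stored or any security context is
                // built, so the request leaves without CSIv2 security, and the only record is a
                // debug trace. Confirm this is acceptable for unexpected connection types.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Invalid cdata class: " + connectionData);
                }
                return;
            }
            connectionKey = connectionData.getConnectionKey();
            if (connectionKey == null) {
                // Local-comm connections have no key yet: derive one from the handle and cache it.
                ConnectionHandle connectionHandle = (ConnectionHandle) connectionData.getConnectionHandle();
                if (connectionHandle != null && connectionHandle.getIsLocalComm()) {
                    connectionKey = connectionHandle.toString();
                    connectionData.setConnectionKey(connectionKey);
                    localComm = true;
                }
            }
            if (policy == null) {
                policy = ((ExtendedSSLConnectionData) connectionData).getEffectivePolicy();
            }
        }

        // Stored so that receive_reply / receive_exception / receive_other can find it again.
        this.myVault.put_effective_policy(clientRequestInfo.request_id(), policy);
        if (!qualifyClientRequest(clientRequestInfo, policy)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning from send_request without authenticating.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "send_request");
            }
            return;
        }

        // NOTE(review): policy is dereferenced from here on without a null check; this is only
        // safe if qualifyClientRequest (not shown) returns false for a null policy. TODO confirm.
        CSICredentialsManager credentialsManager = new CSICredentialsManager();
        boolean performClientAuthentication = policy.performClientAuthentication();
        boolean performIdentityAssertion = policy.performIdentityAssertion();
        SessionEntry sessionEntry = null;
        ClientSessionKey clientSessionKey = null;
        long contextId = 0;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Identity assertion: " + performIdentityAssertion + ",  client authentication: " + performClientAuthentication + ",  authorization token: " + policy.performAuthorizationToken());
        }

        if (performClientAuthentication || performIdentityAssertion) {
            String targetName = RealmSecurityName.getRealmOrReturnSecurityName(policy.getTargetSecurityName(), policy.getPerformClientAuthMechOID(), policy.getTargetAuthMechOID());
            if (targetName == null || targetName.equals("")) {
                targetName = policy.getTargetSecurityName();
            }

            boolean unprotectedNamingCall = false;
            if (policy.isNamingReadUnprotected()) {
                unprotectedNamingCall = namingReadUnprotected(clientRequestInfo, policy);
            }
            if (unprotectedNamingCall) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Naming call unprotected, returning from send_request.");
                }
                return;
            }

            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Retrieving Subject from thread or login.");
            }
            Subject subject = retrieveSubject(targetName, policy, credentialsManager);
            if (subject == null) {
                // The request is sent unauthenticated; the target decides whether to accept it.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Subject is null, sending unauthenticated request.");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "send_request");
                }
                return;
            }
            if (config.getBoolean("com.ibm.CSI.rmiOutboundMappingEnabled")) {
                subject = unwrapSubject(subject);
            }

            if (policy.isStateful()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Starting session evaluation.");
                }
                int localPort = 0;
                if (connectionData == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Null connection data");
                    }
                    if (PlatformHelperFactory.getPlatformHelper().isZOS()) {
                        // NOTE(review): on z/OS a missing connection makes the request go out
                        // with no security context, although the policy asked for authentication
                        // or identity assertion. Confirm this fail-open choice is intended.
                        Manager.Ffdc.log(new Exception("No connection data, probable broken connection"), this, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRI.send_request", "%C", new java.lang.Object[]{this});
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "No connection data, probable broken connection, returning with no security");
                        }
                        return;
                    }
                    // NOTE(review): on other platforms execution continues with connectionData
                    // still null, and the getLocalHost() call below throws NullPointerException.
                    // The request fails closed, but by accident; consider an explicit error.
                }
                String localHost;
                if (localComm) {
                    localHost = "";
                } else {
                    localHost = connectionData.getLocalHost();
                    localPort = connectionData.getLocalPort();
                }
                sessionEntry = determineStatefulContextID(targetName, policy, this.sessionMgr, clientRequestInfo, subject, connectionData.getConnectionKey(), localHost, localPort);
                if (sessionEntry == null) {
                    // Per the trace text, the helper already placed an EstablishContext message
                    // on the request, so nothing more is added here.
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "EstablishContext message has been set in the request.");
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "send_request");
                    }
                    return;
                }
                clientSessionKey = sessionEntry.get_client_session_key();
                contextId = sessionEntry.get_client_context_id();
                if (sessionEntry.get_renegotiate_to_stateless()) {
                    // Context id 0 is what the stateless path uses; the flag is one-shot.
                    contextId = 0;
                    sessionEntry.reset_renegotiate_to_stateless();
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "This is a stateless request.");
            }

            policy.setStatefulContextID(contextId);
            policy.setClientSessionKey(clientSessionKey);
            if (policy.performAuthorizationToken() || config.getBoolean("com.ibm.CSI.rmiOutboundLoginEnabled")) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Calling JAAS login to map or create opaque authorization token.");
                }
                subject = mapOutboundOrCreateOAT(subject, policy);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Determining which SecurityContext to use (GSSUP, LTPA or KRB5).");
            }
            SecurityContextImpl securityContext = determineSecurityContextType(subject, policy, connectionKey, this.sessionMgr, sessionEntry);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting the contents of the identity token.");
            }
            IdentityToken identityToken = new IdentityToken();
            setIdentityToken(identityToken, subject, policy, this.sessionMgr, sessionEntry);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting the contents of the client authentication token and EstablishContext message.");
            }
            setSecurityContext(clientRequestInfo, securityContext, identityToken, subject, policy, this.sessionMgr, sessionEntry, targetName);
        } else if (policy.performTLClientAuth() && connectionData.getConnectionType() == 1) {
            // NOTE(review): connectionData can still be null here (no connection information on
            // the request), in which case this condition throws NullPointerException. The meaning
            // of connection type 1 is not visible in this file; the trace text suggests SSL.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "TLSClientAuth over SSL only, No security service returned.");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No security is required at csiv2 message and attribute layers.  No security context will be sent.");
        }

        if (policy.isStateful() && sessionEntry != null && contextId != 0) {
            // Status code 6 is defined by the session manager (not shown here).
            this.sessionMgr.csi_client_session_status_update(contextId, clientSessionKey, 6);
        }
        this.csiUtil.setUnauthenticatedToNullIfNeeded();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "*** SENDING REQUEST ***");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "send_request");
        }
    }

    /**
     * Completes the client session for a normal reply and releases the stored policy.
     *
     * @param clientRequestInfo the request whose reply has arrived
     */
    @Override
    public void receive_reply(ClientRequestInfo clientRequestInfo) {
        if (tc.isDebugEnabled()) {
            entry(clientRequestInfo, "receive_reply");
        }
        if (is_local_client_request(clientRequestInfo)) {
            receive_reply_local(clientRequestInfo);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "receive_reply");
            }
            return;
        }

        // Fetch and release the policy first, so it is cleared even on the early return below.
        CSIv2EffectivePerformPolicy policy = this.myVault.get_effective_policy(clientRequestInfo.request_id());
        this.myVault.clear_effective_policy(clientRequestInfo.request_id());

        String targetClassName = clientRequestInfo.effective_target() != null ? clientRequestInfo.effective_target().getClass().getName() : "<unknown>";
        if (SecurityConnectionInterceptor.isSpecialNamingMethod(clientRequestInfo.operation(), targetClassName) || SecurityConnectionInterceptor.isSpecialSSLRequiredNamingMethod(clientRequestInfo.operation(), targetClassName) || (ORB.isSpecialMethod(clientRequestInfo.operation()) && !this.csiUtil.isCORBAAuthRequired())) {
            Tr.debug(tc, "Special naming method or other corba special method. Return from interceptor.");
            if (tc.isEntryEnabled()) {
                // Was misspelled "recieve_reply", which broke entry/exit pairing in traces.
                Tr.exit(tc, "receive_reply");
            }
            return;
        }

        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "*** RECEIVING REPLY ***");
        }
        if (policy != null) {
            SASContextBody sasMessage = null;
            ServiceContext serviceContext = this.csiUtil.get_sc_from_reply((RequestInfo) clientRequestInfo);
            if (serviceContext != null) {
                sasMessage = this.csiUtil.get_message_from_sc(serviceContext);
            }
            // sasMessage is null when the reply carried no service context.
            this.sessionMgr.csi_client_session_complete(sasMessage, policy.isStateful(), policy.getStatefulContextID(), policy.getClientSessionKey());
            if (serviceContext != null && (policy.performClientAuthentication() || policy.performIdentityAssertion())) {
                SecurityContextImpl securityContext = new com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl(this.myVault, "");
                securityContext.csi_continue_security_context(clientRequestInfo, securityContext);
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Effective policy is null.");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "*** MESSAGE COMPLETED ***");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "receive_reply");
        }
    }

    /**
     * Called by {@link #receive_reply} for local client requests. No-op in this class.
     *
     * @param clientRequestInfo the local request
     */
    public void receive_reply_local(ClientRequestInfo clientRequestInfo) {
    }

    /**
     * Completes the client session after an exception reply and releases the stored policy.
     *
     * @param clientRequestInfo the request that ended in an exception
     * @throws ForwardRequest declared by the interceptor contract; nothing in this method throws
     *     it directly (helpers that are not shown may)
     */
    @Override
    public void receive_exception(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        if (tc.isDebugEnabled()) {
            entry(clientRequestInfo, "receive_exception");
        }
        if (is_local_client_request(clientRequestInfo)) {
            receive_exception_local(clientRequestInfo);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "receive_exception");
            }
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "*** RECEIVING EXCEPTION ***");
            // The server-supplied detail text is read, and traced, only at debug level.
            String detail = this.csiUtil.read_detailed_message(clientRequestInfo);
            if (!detail.equals("")) {
                Tr.debug(tc, "The following exception was received from the server: " + detail);
            }
        }

        CSIv2EffectivePerformPolicy policy = this.myVault.get_effective_policy(clientRequestInfo.request_id());
        this.myVault.clear_effective_policy(clientRequestInfo.request_id());
        if (policy != null) {
            SASContextBody sasMessage = null;
            ServiceContext serviceContext = this.csiUtil.get_sc_from_reply((RequestInfo) clientRequestInfo);
            if (serviceContext != null) {
                sasMessage = this.csiUtil.get_message_from_sc(serviceContext);
            }
            this.sessionMgr.csi_client_session_complete_exception(sasMessage, policy.isStateful(), policy.getClientSessionKey());
            // Reply status 1 is SYSTEM_EXCEPTION in org.omg.PortableInterceptor.
            if (clientRequestInfo.reply_status() == 1) {
                this.sessionMgr.retry(clientRequestInfo);
            }
            if (serviceContext != null && (policy.performClientAuthentication() || policy.performIdentityAssertion())) {
                SecurityContextImpl securityContext = new com.ibm.ISecurityLocalObjectGSSUPImpl.SecurityContextImpl(this.myVault, "");
                securityContext.csi_continue_security_context(clientRequestInfo, securityContext);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "*** MESSAGE COMPLETED ***");
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Effective policy is null.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "receive_exception");
        }
    }

    /**
     * Called by {@link #receive_exception} for local client requests. No-op in this class.
     *
     * @param clientRequestInfo the local request
     * @throws ForwardRequest never thrown by this implementation
     */
    public void receive_exception_local(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
    }

    /**
     * Handles replies that are neither a normal reply nor an exception, dispatching on the reply
     * status: 0 (SUCCESSFUL) is handed to {@link #receive_reply}; 3 (LOCATION_FORWARD) and every
     * other status update the client session with status code 7.
     *
     * @param clientRequestInfo the request whose outcome is being reported
     * @throws ForwardRequest declared by the interceptor contract; nothing in this method throws
     *     it directly (helpers that are not shown may)
     */
    @Override
    public void receive_other(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
        if (tc.isDebugEnabled()) {
            entry(clientRequestInfo, "receive_other");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "*** RECEIVE OTHER ***");
        }
        if (is_local_client_request(clientRequestInfo)) {
            receive_other_local(clientRequestInfo);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "receive_other");
            }
            return;
        }

        String targetClassName = clientRequestInfo.effective_target() != null ? clientRequestInfo.effective_target().getClass().getName() : "<unknown>";
        if (SecurityConnectionInterceptor.isSpecialNamingMethod(clientRequestInfo.operation(), targetClassName) || SecurityConnectionInterceptor.isSpecialSSLRequiredNamingMethod(clientRequestInfo.operation(), targetClassName) || (ORB.isSpecialMethod(clientRequestInfo.operation()) && !this.csiUtil.isCORBAAuthRequired())) {
            // NOTE(review): unlike receive_reply, this early return happens before the vault
            // entry for the request id is cleared, so a policy stored by send_request stays in
            // the vault on this path. Confirm whether that is intended.
            Tr.debug(tc, "Special naming method or other corba special method. Return from interceptor.");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "receive_other");
            }
            return;
        }

        CSIv2EffectivePerformPolicy policy = this.myVault.get_effective_policy(clientRequestInfo.request_id());
        switch (clientRequestInfo.reply_status()) {
            case 0:
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "receive_other status: SUCCESSFUL.");
                }
                // receive_reply fetches and clears the vault entry itself.
                receive_reply(clientRequestInfo);
                break;
            case 3:
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "receive_other status: LOCATION_FORWARD.");
                }
                if (this.sessionMgr != null && policy != null) {
                    this.sessionMgr.csi_client_session_status_update(policy.getStatefulContextID(), policy.getClientSessionKey(), 7);
                }
                break;
            default:
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "receive_other status: " + ((int) clientRequestInfo.reply_status()));
                }
                if (this.sessionMgr != null && policy != null) {
                    this.sessionMgr.csi_client_session_status_update(policy.getStatefulContextID(), policy.getClientSessionKey(), 7);
                }
                break;
        }
        this.myVault.clear_effective_policy(clientRequestInfo.request_id());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "receive_other");
        }
    }

    /**
     * Called by {@link #receive_other} for local client requests. No-op in this class.
     *
     * @param clientRequestInfo the local request
     * @throws ForwardRequest never thrown by this implementation
     */
    public void receive_other_local(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
    }

    /**
     * Traces the request id, target class (when known) and operation name at the start of an
     * interception point.
     *
     * @param clientRequestInfo the request being intercepted
     * @param str name of the calling interception point; it appears only in the entry trace
     */
    public void entry(ClientRequestInfo clientRequestInfo, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "entry", new java.lang.Object[]{clientRequestInfo, str, this});
        }
        if (tc.isDebugEnabled()) {
            // The builder is local to this call, so the unsynchronised StringBuilder is enough.
            StringBuilder summary = new StringBuilder(100);
            summary.append("Request_id: ").append(clientRequestInfo.request_id()).append(", ");
            Object target = clientRequestInfo.effective_target();
            if (target != null) {
                summary.append("class: ").append(target.getClass().getName()).append(", ");
            }
            summary.append("operation: ").append(clientRequestInfo.operation());
            Tr.debug(tc, summary.toString());
        }
    }
}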
