package com.ibm.ws.Transaction.JTS;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.ProviderFailureException;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.ws.Transaction.JTA.Util;
import com.ibm.ws.Transaction.TransactionManagerFactory;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.rsadapter.DSConfigHelper;
import com.ibm.ws.security.audit.utils.DataHelper;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.tx.jta.TranManagerSet;
import com.ibm.ws.tx.jta.TransactionImpl;
import com.ibm.ws.tx.util.CORBAUtils;
import com.ibm.ws.wscoor.ProtocolSecurityHelper;
import com.ibm.ws.wscoor.WSCoorConstants;
import com.ibm.wsspi.security.audit.AuditOutcome;
import com.ibm.wsspi.security.audit.AuditService;
import com.ibm.wsspi.security.audit.ContextHandler;
import java.security.Principal;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;
import javax.transaction.HeuristicMixedException;
import javax.transaction.HeuristicRollbackException;
import javax.transaction.RollbackException;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.INVALID_TRANSACTION;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.OBJECT_NOT_EXIST;
import org.omg.CORBA.ORB;
import org.omg.CORBA.TRANSACTION_ROLLEDBACK;
import org.omg.CORBA.UNKNOWN;
import org.omg.CORBA.portable.IDLEntity;
import org.omg.CosTransactions.HeuristicHazard;
import org.omg.CosTransactions.HeuristicMixed;
import org.omg.CosTransactions._TerminatorImplBase;

/* loaded from: input_file:com/ibm/ws/Transaction/JTS/TerminatorImpl.class */
public final class TerminatorImpl extends _TerminatorImplBase implements ResourceCallback {
    private static final TraceComponent tc = Tr.register((Class<?>) TerminatorImpl.class, WSCoorConstants.TX_TRACE_GROUP, WSCoorConstants.TX_NLS_FILE);
    private static AuditService auditService;
    private static final String progName = "Terminator";
    final ORB _orb;
    TransactionImpl _transaction;
    Subject _creator;
    String _creatorName;

    public TerminatorImpl(TransactionImpl transactionImpl) {
        this._creatorName = "";
        boolean isAnyTracingEnabled = TraceComponent.isAnyTracingEnabled();
        if (isAnyTracingEnabled && tc.isEntryEnabled()) {
            Tr.entry(tc, "TerminatorImpl", new Object[]{this, transactionImpl});
        }
        this._transaction = transactionImpl;
        this._transaction.addDestroyCallback(this);
        this._orb = CORBAUtils.getORB();
        this._orb.connect(this);
        if (ProtocolSecurityHelper.isEnforceProtocolSecurity()) {
            try {
                this._creator = WSSubject.getRunAsSubject();
                if (this._creator != null) {
                    Principal principal = (Principal) this._creator.getPrincipals().toArray()[0];
                    if (principal != null) {
                        this._creatorName = principal.getName();
                    } else if (isAnyTracingEnabled && tc.isDebugEnabled()) {
                        Tr.debug(tc, "principal is null");
                    }
                } else if (isAnyTracingEnabled && tc.isDebugEnabled()) {
                    Tr.debug(tc, "runAsSubject is null");
                }
                if (auditService == null) {
                    auditService = ContextManagerFactory.getInstance().getAuditService();
                }
            } catch (WSSecurityException e) {
                FFDCFilter.processException(e, "com.ibm.ws.Transaction.JTS.TerminatorImpl.TerminatorImpl", "103", this);
            }
            if (isAnyTracingEnabled && tc.isDebugEnabled()) {
                if (this._creator != null) {
                    Tr.debug(tc, "subject", new Object[]{this._creator, this._creator.getClass().getCanonicalName()});
                } else {
                    Tr.debug(tc, "subject", this._creator);
                }
            }
        }
        if (isAnyTracingEnabled && tc.isEntryEnabled()) {
            Tr.exit(tc, "TerminatorImpl");
        }
    }

    private boolean authorized() {
        Subject subject = null;
        boolean isAnyTracingEnabled = TraceComponent.isAnyTracingEnabled();
        if (isAnyTracingEnabled && tc.isEntryEnabled()) {
            Tr.entry(tc, "authorized", this._creator);
        }
        boolean z = false;
        if (this._creator == null) {
            z = true;
        } else {
            try {
                subject = WSSubject.getRunAsSubject();
                if (isAnyTracingEnabled && tc.isDebugEnabled()) {
                    Tr.debug(tc, "subject", new Object[]{subject, subject.getClass().getCanonicalName()});
                }
                z = compareSubjects(this._creator, subject);
            } catch (WSSecurityException e) {
                FFDCFilter.processException(e, "com.ibm.ws.Transaction.JTS.TerminatorImpl.authorized", "134", this);
                if (isAnyTracingEnabled && tc.isDebugEnabled()) {
                    Tr.debug(tc, "authorized", e);
                }
            }
        }
        if (auditService != null) {
            doAudit(subject, z);
        }
        if (isAnyTracingEnabled && tc.isEntryEnabled()) {
            Tr.exit(tc, "authorized", new Boolean(z));
        }
        return z;
    }

    private boolean compareSubjects(Subject subject, Subject subject2) {
        boolean isAnyTracingEnabled = TraceComponent.isAnyTracingEnabled();
        if (isAnyTracingEnabled && tc.isEntryEnabled()) {
            Tr.entry(tc, "compareSubjects", new Object[]{subject, subject2, this});
        }
        if (isAnyTracingEnabled && tc.isEntryEnabled()) {
            Tr.entry(tc, "Straight subject comparison gives: " + subject.equals(subject2));
        }
        Set<Principal> principals = subject2.getPrincipals();
        Set<Principal> principals2 = subject.getPrincipals();
        boolean z = false;
        if (principals != null && principals2 != null && principals2.equals(principals)) {
            if (isAnyTracingEnabled && tc.isEntryEnabled()) {
                Tr.entry(tc, "Straight principals comparison gives: true");
            }
            z = true;
        }
        if (isAnyTracingEnabled && tc.isEntryEnabled()) {
            Tr.exit(tc, "compareSubjects");
        }
        return z;
    }

    private void doAudit(Subject subject, boolean z) {
        boolean isAnyTracingEnabled = TraceComponent.isAnyTracingEnabled();
        if (isAnyTracingEnabled && tc.isEntryEnabled()) {
            Tr.entry(tc, "doAudit", new Object[]{subject, Boolean.valueOf(z), this});
        }
        ContextHandler contextHandler = auditService.getContextHandler();
        ConcurrentHashMap concurrentHashMap = null;
        if (contextHandler == null) {
            Tr.error(tc, "security.audit.service.context.error");
            auditService.processAuditFailure("security.audit.service.context.error", null);
        }
        String str = null;
        if (subject != null) {
            str = ((Principal) subject.getPrincipals().toArray()[0]).getName();
        }
        contextHandler.buildContextObject("SESSION_CONTEXT", DataHelper.buildSessionData(null, null, null, null));
        if (z) {
            if (auditService.isEventRequired("SECURITY_AUTHZ", "SUCCESS")) {
                contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(progName, "authz", null, str, "authzSuccess", this._creatorName, "WAS", new Long(0L), null, null, null, null));
                concurrentHashMap = DataHelper.buildOutcomeData(AuditOutcome.SUCCESSFUL, new Integer(0), new Integer(0), "SUCCESS", 8L);
            }
        } else if (auditService.isEventRequired("SECURITY_AUTHZ", "DENIED")) {
            contextHandler.buildContextObject("ACCESS_CONTEXT", DataHelper.buildAccessData(progName, "authz", null, str, "authzDenied", this._creatorName, "WAS", new Long(0L), null, null, null, null));
            concurrentHashMap = DataHelper.buildOutcomeData(AuditOutcome.UNSUCCESSFUL, new Integer(-1), new Integer(-1), "DENIED", 16L);
        }
        if (concurrentHashMap != null) {
            try {
                auditService.sendEvent("SECURITY_AUTHZ", concurrentHashMap);
            } catch (ProviderFailureException e) {
                Tr.error(tc, "security.audit.service.sendevent.error", new Object[]{e});
                auditService.processAuditFailure("security.audit.service.sendevent.error", e);
            }
        }
        if (isAnyTracingEnabled && tc.isEntryEnabled()) {
            Tr.exit(tc, "doAudit");
        }
    }

    @Override // org.omg.CosTransactions.TerminatorOperations
    public synchronized void commit(boolean z) throws HeuristicMixed, HeuristicHazard {
        boolean isAnyTracingEnabled = TraceComponent.isAnyTracingEnabled();
        if (isAnyTracingEnabled && tc.isEntryEnabled()) {
            Tr.entry(tc, "commit");
        }
        if (!authorized()) {
            ProtocolSecurityHelper.reportAuthFailure();
            NO_PERMISSION no_permission = new NO_PERMISSION();
            if (isAnyTracingEnabled && tc.isEntryEnabled()) {
                Tr.exit(tc, "commit", no_permission);
            }
            throw no_permission;
        }
        if (this._transaction == null) {
            OBJECT_NOT_EXIST object_not_exist = new OBJECT_NOT_EXIST();
            if (isAnyTracingEnabled && tc.isEntryEnabled()) {
                Tr.exit(tc, "commit", object_not_exist);
            }
            throw object_not_exist;
        }
        try {
            this._transaction.addAssociation();
            TranManagerSet tranManagerSet = (TranManagerSet) TransactionManagerFactory.getTransactionManager();
            try {
                tranManagerSet.resume(this._transaction);
                tranManagerSet.commit();
            } catch (IllegalStateException e) {
                FFDCFilter.processException(e, "com.ibm.ws.Transaction.JTS.TerminatorImpl.commit", "144", this);
                INVALID_TRANSACTION invalid_transaction = new INVALID_TRANSACTION();
                if (isAnyTracingEnabled && tc.isEntryEnabled()) {
                    Tr.exit(tc, "commit", new Object[]{invalid_transaction, e});
                }
                throw invalid_transaction;
            } catch (HeuristicRollbackException e2) {
                if (z) {
                    IDLEntity heuristicMixed = new HeuristicMixed();
                    if (isAnyTracingEnabled && tc.isEntryEnabled()) {
                        Tr.exit(tc, "commit", new Object[]{heuristicMixed, e2});
                    }
                    throw heuristicMixed;
                }
            } catch (HeuristicMixedException e3) {
                if (z) {
                    IDLEntity heuristicMixed2 = new HeuristicMixed();
                    if (isAnyTracingEnabled && tc.isEntryEnabled()) {
                        Tr.exit(tc, "commit", new Object[]{heuristicMixed2, e3});
                    }
                    throw heuristicMixed2;
                }
            } catch (RollbackException e4) {
                TRANSACTION_ROLLEDBACK transaction_rolledback = new TRANSACTION_ROLLEDBACK(0, CompletionStatus.COMPLETED_YES);
                if (isAnyTracingEnabled && tc.isEntryEnabled()) {
                    Tr.exit(tc, "commit", new Object[]{transaction_rolledback, e4});
                }
                throw transaction_rolledback;
            } catch (Throwable th) {
                FFDCFilter.processException(th, "com.ibm.ws.Transaction.JTS.TerminatorImpl.commit", "150", this);
                UNKNOWN unknown = new UNKNOWN(th.toString());
                if (isAnyTracingEnabled && tc.isEntryEnabled()) {
                    Tr.exit(tc, "commit", new Object[]{unknown, th});
                }
                throw unknown;
            }
            if (isAnyTracingEnabled && tc.isEntryEnabled()) {
                Tr.exit(tc, "commit");
            }
        } catch (Throwable th2) {
            FFDCFilter.processException(th2, "com.ibm.ws.Transaction.JTS.TerminatorImpl.commit", "106", this);
            NO_PERMISSION no_permission2 = new NO_PERMISSION();
            if (isAnyTracingEnabled && tc.isEntryEnabled()) {
                Tr.exit(tc, "commit", new Object[]{no_permission2, th2});
            }
            throw no_permission2;
        }
    }

    @Override // org.omg.CosTransactions.TerminatorOperations
    public synchronized void rollback() {
        boolean isAnyTracingEnabled = TraceComponent.isAnyTracingEnabled();
        if (isAnyTracingEnabled && tc.isEntryEnabled()) {
            Tr.entry(tc, DSConfigHelper.ROLLBACK);
        }
        if (!authorized()) {
            ProtocolSecurityHelper.reportAuthFailure();
            NO_PERMISSION no_permission = new NO_PERMISSION();
            if (isAnyTracingEnabled && tc.isEntryEnabled()) {
                Tr.exit(tc, DSConfigHelper.ROLLBACK, no_permission);
            }
            throw no_permission;
        }
        if (this._transaction == null) {
            OBJECT_NOT_EXIST object_not_exist = new OBJECT_NOT_EXIST();
            if (isAnyTracingEnabled && tc.isEntryEnabled()) {
                Tr.exit(tc, DSConfigHelper.ROLLBACK, object_not_exist);
            }
            throw object_not_exist;
        }
        try {
            this._transaction.addAssociation();
            try {
                this._transaction.rollback();
                if (isAnyTracingEnabled && tc.isEntryEnabled()) {
                    Tr.exit(tc, DSConfigHelper.ROLLBACK);
                }
            } catch (IllegalStateException e) {
                FFDCFilter.processException(e, "com.ibm.ws.Transaction.JTS.TerminatorImpl.rollback", "186", this);
                INVALID_TRANSACTION invalid_transaction = new INVALID_TRANSACTION();
                if (isAnyTracingEnabled && tc.isEntryEnabled()) {
                    Tr.exit(tc, DSConfigHelper.ROLLBACK, new Object[]{invalid_transaction, e});
                }
                throw invalid_transaction;
            } catch (Throwable th) {
                FFDCFilter.processException(th, "com.ibm.ws.Transaction.JTS.TerminatorImpl.rollback", Constants.SUITEB_192, this);
                UNKNOWN unknown = new UNKNOWN(th.toString());
                if (isAnyTracingEnabled && tc.isEntryEnabled()) {
                    Tr.exit(tc, DSConfigHelper.ROLLBACK, new Object[]{unknown, th});
                }
                throw unknown;
            }
        } catch (Throwable th2) {
            FFDCFilter.processException(th2, "com.ibm.ws.Transaction.JTS.TerminatorImpl.rollback", "174", this);
            NO_PERMISSION no_permission2 = new NO_PERMISSION();
            if (isAnyTracingEnabled && tc.isEntryEnabled()) {
                Tr.exit(tc, DSConfigHelper.ROLLBACK, new Object[]{no_permission2, th2});
            }
            throw no_permission2;
        }
    }

    public String toString() {
        return Util.identity(this);
    }

    public void destroy() {
        boolean isAnyTracingEnabled = TraceComponent.isAnyTracingEnabled();
        if (isAnyTracingEnabled && tc.isEntryEnabled()) {
            Tr.entry(tc, "destroy");
        }
        this._orb.disconnect(this);
        this._transaction = null;
        if (isAnyTracingEnabled && tc.isEntryEnabled()) {
            Tr.exit(tc, "destroy");
        }
    }
}
