package com.ibm.ws.sib.trm.attach;

import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.sib.exception.SIErrorException;
import com.ibm.websphere.sib.exception.SIIncorrectCallException;
import com.ibm.websphere.sib.exception.SINotPossibleInCurrentConfigurationException;
import com.ibm.websphere.sib.exception.SIResourceException;
import com.ibm.websphere.sib.management.SibNotificationConstants;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.sib.admin.JsAdminService;
import com.ibm.ws.sib.admin.JsBus;
import com.ibm.ws.sib.admin.JsConstants;
import com.ibm.ws.sib.admin.JsEngineComponentWithEventListener;
import com.ibm.ws.sib.admin.JsMessagingEngine;
import com.ibm.ws.sib.admin.RuntimeEventListener;
import com.ibm.ws.sib.admin.SIBExceptionBusNotFound;
import com.ibm.ws.sib.comms.ClientConnection;
import com.ibm.ws.sib.comms.ConnectionMetaData;
import com.ibm.ws.sib.mfp.mqinterop.BipRfc;
import com.ibm.ws.sib.mfp.trm.TrmClientAttachReply;
import com.ibm.ws.sib.mfp.trm.TrmClientAttachRequest;
import com.ibm.ws.sib.mfp.trm.TrmClientBootstrapReply;
import com.ibm.ws.sib.mfp.trm.TrmClientBootstrapRequest;
import com.ibm.ws.sib.mfp.trm.TrmFirstContactMessage;
import com.ibm.ws.sib.mfp.trm.TrmFirstContactMessageType;
import com.ibm.ws.sib.mfp.trm.TrmMessageFactory;
import com.ibm.ws.sib.processor.SIMPConstants;
import com.ibm.ws.sib.security.auth.AuthUtils;
import com.ibm.ws.sib.security.auth.AuthUtilsFactory;
import com.ibm.ws.sib.security.auth.SIBAccessControlException;
import com.ibm.ws.sib.security.auth.SIBAccessControlFactory;
import com.ibm.ws.sib.security.auth.SibLogin;
import com.ibm.ws.sib.security.auth.SibLoginFactory;
import com.ibm.ws.sib.trm.TrmConstants;
import com.ibm.ws.sib.trm.TrmConstantsImpl;
import com.ibm.ws.sib.trm.TrmMeMainImpl;
import com.ibm.ws.sib.trm.client.FailedTargetMessagingEngine;
import com.ibm.ws.sib.trm.client.LocalConnectScope;
import com.ibm.ws.sib.trm.client.LocalTargetMessagingEngine;
import com.ibm.ws.sib.trm.client.RemoteTargetMessagingEngine;
import com.ibm.ws.sib.trm.client.TargetMessagingEngine;
import com.ibm.ws.sib.trm.client.TargetMessagingEngineResolver;
import com.ibm.ws.sib.trm.client.Utils;
import com.ibm.ws.sib.trm.wlm.client.Select;
import com.ibm.ws.sib.utils.ras.SibTr;
import com.ibm.ws.sib.wsn.WSNConstants;
import com.ibm.wsspi.channel.framework.CFEndPoint;
import com.ibm.wsspi.sib.core.SICoreConnection;
import com.ibm.wsspi.sib.core.SICoreConnectionFactory;
import com.ibm.wsspi.sib.core.exception.SIAuthenticationException;
import com.ibm.wsspi.sib.core.exception.SIConnectionLostException;
import com.ibm.wsspi.sib.core.exception.SILimitExceededException;
import com.ibm.wsspi.sib.core.exception.SINotAuthorizedException;
import com.ibm.wsspi.sib.core.trm.SibTrmConstants;
import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Properties;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.Subject;

/* loaded from: input_file:com/ibm/ws/sib/trm/attach/ClientHandShake.class */
final class ClientHandShake {
    public static final String $sccsid = "@(#) 1.113 SIB/ws/code/sib.trm.impl/src/com/ibm/ws/sib/trm/attach/ClientHandShake.java, SIB.trm, WAS855.SIB, cf111646.01 09/03/20 11:24:41 [11/14/16 15:57:47]";
    private static final String className = ClientHandShake.class.getName();
    private static final TraceComponent tc = SibTr.register(className, TrmConstants.MSG_GROUP, TrmConstants.MSG_BUNDLE);
    private static final TraceNLS nls = TraceNLS.getTraceNLS(TrmConstants.MSG_BUNDLE);
    private static SibLogin sibLogin = SibLoginFactory.getInstance().createNewSibLogin();
    private static AuthUtils authUtils = AuthUtilsFactory.getInstance().getAuthUtils();
    private static JsAdminService jsas;

    public byte[] handShake(ClientConnection clientConnection, byte[] bArr) {
        TrmMessageFactory trmMessageFactory;
        TrmFirstContactMessage createInboundTrmFirstContactMessage;
        TrmFirstContactMessageType messageType;
        byte[] token;
        String tokenType;
        byte[] byteArray;
        boolean z = true;
        byte[] bArr2 = new byte[0];
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "handShake", new Object[]{clientConnection, bArr});
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            SibTr.debug(tc, Utils.inBound("client attach request"));
        }
        try {
            trmMessageFactory = TrmMessageFactory.getInstance();
            createInboundTrmFirstContactMessage = trmMessageFactory.createInboundTrmFirstContactMessage(bArr, 0, bArr.length);
            messageType = createInboundTrmFirstContactMessage.getMessageType();
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                SibTr.debug(tc, "Received " + messageType.toString() + " msg");
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, className + ".handShake", "19", this);
            SibTr.exception(tc, e);
        }
        if (messageType != TrmFirstContactMessageType.CLIENT_BOOTSTRAP_REQUEST) {
            if (messageType == TrmFirstContactMessageType.CLIENT_ATTACH_REQUEST) {
                TrmClientAttachRequest makeInboundTrmClientAttachRequest = createInboundTrmFirstContactMessage.makeInboundTrmClientAttachRequest();
                TrmClientAttachReply createNewTrmClientAttachReply = trmMessageFactory.createNewTrmClientAttachReply();
                String busName = makeInboundTrmClientAttachRequest.getBusName();
                String credentialType = makeInboundTrmClientAttachRequest.getCredentialType();
                String userid = makeInboundTrmClientAttachRequest.getUserid();
                String password = makeInboundTrmClientAttachRequest.getPassword();
                String subnetName = makeInboundTrmClientAttachRequest.getSubnetName();
                String meName = makeInboundTrmClientAttachRequest.getMeName();
                if (credentialType.equals(TrmConstantsImpl.CREDENTIAL_SUBJECT) || (!clientConnection.getMetaData().isTrusted() && credentialType.equals(TrmConstantsImpl.CREDENTIAL_SIB_SUBJECT))) {
                    token = makeInboundTrmClientAttachRequest.getToken();
                    tokenType = makeInboundTrmClientAttachRequest.getTokenType();
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        SibTr.debug(tc, "WAS or SIB Server Subject, extracted token: " + Arrays.toString(token) + ", tokentype: " + tokenType);
                    }
                } else {
                    token = null;
                    tokenType = null;
                }
                String chainName = clientConnection.getMetaData().getChainName();
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    SibTr.debug(tc, "inboundTransportChain: " + chainName);
                }
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    SibTr.debug(tc, "bus=" + busName + ",userid=" + userid + ",subnet=" + subnetName + ",name=" + meName);
                }
                if (1 != 0) {
                    try {
                        JsBus jsBus = null;
                        if (null == jsas) {
                            jsas = JsAdminService.getInstance();
                        }
                        if (jsas != null && jsas.isInitialized()) {
                            jsBus = jsas.getBus(busName);
                        } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            SibTr.debug(tc, "Couldn't acquire the bus because the JSAdminService was unavailable");
                        }
                        if (null == jsBus) {
                            throw new SIBExceptionBusNotFound(busName);
                        }
                    } catch (SIBExceptionBusNotFound e2) {
                        createNewTrmClientAttachReply.setReturnCode(-1);
                        ArrayList arrayList = new ArrayList();
                        arrayList.add("BUS_NOT_FOUND_CWSIT0086");
                        arrayList.add(busName);
                        createNewTrmClientAttachReply.setFailureReason(arrayList);
                        z = false;
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            SibTr.debug(tc, "Bus not found: " + busName);
                        }
                    }
                }
                if (z && !authUtils.isPermittedChain(busName, chainName)) {
                    createNewTrmClientAttachReply.setReturnCode(-7);
                    ArrayList arrayList2 = new ArrayList();
                    arrayList2.add("INBOUND_CHAIN_NOT_PERMITTED_CWSIT0092");
                    arrayList2.add(busName);
                    arrayList2.add(chainName);
                    createNewTrmClientAttachReply.setFailureReason(arrayList2);
                    z = false;
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        SibTr.debug(tc, "Inbound chain not permitted");
                    }
                }
                JsMessagingEngine jsMessagingEngine = null;
                Subject subject = null;
                if (z) {
                    Enumeration enumeration = null;
                    if (null == jsas) {
                        jsas = JsAdminService.getInstance();
                    }
                    if (jsas != null && jsas.isInitialized()) {
                        enumeration = jsas.listMessagingEngines(busName);
                    } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        SibTr.debug(tc, "Couldn't list the messaging engines because the JSAdminService was unavailable");
                    }
                    while (enumeration != null && enumeration.hasMoreElements() && jsMessagingEngine == null) {
                        JsMessagingEngine jsMessagingEngine2 = (JsMessagingEngine) enumeration.nextElement();
                        TrmMeMainImpl trmMeMainImpl = (TrmMeMainImpl) jsMessagingEngine2.getEngineComponent(JsConstants.SIB_CLASS_TO_ENGINE);
                        if (trmMeMainImpl.isStarted() && trmMeMainImpl.getName().equals(meName) && trmMeMainImpl.getSubnet().equals(subnetName)) {
                            jsMessagingEngine = jsMessagingEngine2;
                        }
                    }
                    try {
                        subject = authenticate(clientConnection, busName, credentialType, token, tokenType, userid, password);
                        if (subject == null) {
                            prepareFailure(createNewTrmClientAttachReply, busName, userid, -9);
                            issueAuthenticationFailedEvent(busName, userid, jsMessagingEngine);
                            z = false;
                        }
                    } catch (Exception e3) {
                        FFDCFilter.processException(e3, "com.ibm.ws.sib.trm.attach.ClientHandShake.handShake", "730", this);
                        createNewTrmClientAttachReply.setReturnCode(-1);
                        ArrayList arrayList3 = new ArrayList();
                        arrayList3.add("TEMPORARY_CWSIT9999");
                        arrayList3.add("InternalFailureException");
                        createNewTrmClientAttachReply.setFailureReason(arrayList3);
                        z = false;
                    }
                    if (z && jsMessagingEngine == null) {
                        if (checkBusAccess(subject, busName, userid)) {
                            createNewTrmClientAttachReply.setReturnCode(-2);
                            ArrayList arrayList4 = new ArrayList();
                            arrayList4.add("NOT_FOUND_CWSIT0021");
                            arrayList4.add(meName);
                            arrayList4.add(busName);
                            createNewTrmClientAttachReply.setFailureReason(arrayList4);
                            z = false;
                            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                                SibTr.debug(tc, "No suitable messaging engine found");
                            }
                        } else {
                            prepareFailure(createNewTrmClientAttachReply, busName, userid, -6);
                            issueAuthorizationFailedEvent(busName, userid, jsMessagingEngine);
                            z = false;
                        }
                    }
                }
                if (z) {
                    SibTr.push(jsMessagingEngine);
                    SICoreConnectionFactory sICoreConnectionFactory = (SICoreConnectionFactory) jsMessagingEngine.getMessageProcessor();
                    SICoreConnection sICoreConnection = null;
                    Exception exc = null;
                    HashMap hashMap = null;
                    ConnectionMetaData metaData = clientConnection.getMetaData();
                    if (metaData != null) {
                        hashMap = new HashMap();
                        hashMap.put(SIMPConstants.DEPLOYMENT_TARGET_CELL_NAME, metaData.getRemoteCellName());
                        hashMap.put(SIMPConstants.DEPLOYMENT_TARGET_NODE_NAME, metaData.getRemoteNodeName());
                        hashMap.put(SIMPConstants.DEPLOYMENT_TARGET_APPLICATION_SERVER_NAME, metaData.getRemoteServerName());
                        hashMap.put(SIMPConstants.DEPLOYMENT_TARGET_CLUSTER_NAME, metaData.getRemoteClusterName());
                    }
                    try {
                        try {
                            try {
                                try {
                                    sICoreConnection = sICoreConnectionFactory.createConnection(subject, hashMap);
                                } catch (SIAuthenticationException e4) {
                                    FFDCFilter.processException(e4, className + ".handShake", "17", this);
                                    createNewTrmClientAttachReply.setReturnCode(-9);
                                    exc = e4;
                                } catch (SIConnectionLostException e5) {
                                    FFDCFilter.processException(e5, className + ".handShake", "10", this);
                                    createNewTrmClientAttachReply.setReturnCode(-3);
                                    exc = e5;
                                }
                            } catch (SINotAuthorizedException e6) {
                                FFDCFilter.processException(e6, className + ".handShake", "14", this);
                                createNewTrmClientAttachReply.setReturnCode(-6);
                                exc = e6;
                            } catch (Exception e7) {
                                FFDCFilter.processException(e7, className + ".handShake", "18", this);
                                createNewTrmClientAttachReply.setReturnCode(-1);
                                exc = e7;
                            }
                        } catch (SIIncorrectCallException e8) {
                            FFDCFilter.processException(e8, className + ".handShake", "16", this);
                            createNewTrmClientAttachReply.setReturnCode(-8);
                            exc = e8;
                        } catch (SILimitExceededException e9) {
                            FFDCFilter.processException(e9, className + ".handShake", "11", this);
                            createNewTrmClientAttachReply.setReturnCode(-4);
                            exc = e9;
                        }
                    } catch (SIErrorException e10) {
                        FFDCFilter.processException(e10, className + ".handShake", "13", this);
                        createNewTrmClientAttachReply.setReturnCode(-5);
                        exc = e10;
                    } catch (SINotPossibleInCurrentConfigurationException e11) {
                        FFDCFilter.processException(e11, className + ".handShake", "15", this);
                        createNewTrmClientAttachReply.setReturnCode(-7);
                        exc = e11;
                    } catch (SIResourceException e12) {
                        FFDCFilter.processException(e12, className + ".handShake", "12", this);
                        createNewTrmClientAttachReply.setReturnCode(-2);
                        exc = e12;
                    }
                    if (exc != null) {
                        SibTr.exception(tc, exc);
                        ArrayList arrayList5 = new ArrayList();
                        arrayList5.add("EXCEPTION_CWSIT0020");
                        arrayList5.add(jsMessagingEngine.getName());
                        arrayList5.add(jsMessagingEngine.getBusName());
                        arrayList5.add(exc.toString());
                        createNewTrmClientAttachReply.setFailureReason(arrayList5);
                    }
                    if (sICoreConnection != null) {
                        createNewTrmClientAttachReply.setReturnCode(0);
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            SibTr.debug(tc, BipRfc.MQPSCR_OK);
                        }
                        clientConnection.setSICoreConnection(sICoreConnection);
                    }
                    SibTr.pop();
                }
                bArr2 = createNewTrmClientAttachReply.encode(clientConnection);
            } else if (messageType == TrmFirstContactMessageType.CLIENT_ATTACH_REQUEST2) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    SibTr.debug(tc, messageType + " is an unsupported first contact message");
                }
            } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                SibTr.debug(tc, "Don't recognise first contact message");
            }
            if (TraceComponent.isAnyTracingEnabled()) {
                SibTr.debug(tc, Utils.outBound("client attach reply"));
            }
            if (TraceComponent.isAnyTracingEnabled()) {
                SibTr.exit(tc, "handShake", bArr2);
            }
            return bArr2;
        }
        TrmClientBootstrapRequest makeInboundTrmClientBootstrapRequest = createInboundTrmFirstContactMessage.makeInboundTrmClientBootstrapRequest();
        TrmClientBootstrapReply createNewTrmClientBootstrapReply = trmMessageFactory.createNewTrmClientBootstrapReply();
        createNewTrmClientBootstrapReply.setEndPointData(null);
        createNewTrmClientBootstrapReply.setBusName(null);
        createNewTrmClientBootstrapReply.setSubnetName(null);
        createNewTrmClientBootstrapReply.setMessagingEngineName(null);
        String busName2 = makeInboundTrmClientBootstrapRequest.getBusName();
        String credentialType2 = makeInboundTrmClientBootstrapRequest.getCredentialType();
        String userid2 = makeInboundTrmClientBootstrapRequest.getUserid();
        String password2 = makeInboundTrmClientBootstrapRequest.getPassword();
        String targetGroupName = makeInboundTrmClientBootstrapRequest.getTargetGroupName();
        String targetGroupType = makeInboundTrmClientBootstrapRequest.getTargetGroupType();
        String targetSignificance = makeInboundTrmClientBootstrapRequest.getTargetSignificance();
        String targetTransportChain = makeInboundTrmClientBootstrapRequest.getTargetTransportChain();
        String connectionProximity = makeInboundTrmClientBootstrapRequest.getConnectionProximity();
        String connectionMode = makeInboundTrmClientBootstrapRequest.getConnectionMode();
        if (connectionMode == null) {
            connectionMode = "Normal";
        }
        String chainName2 = clientConnection.getMetaData().getChainName();
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            SibTr.debug(tc, "bootstrapTransportChain: " + chainName2);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            SibTr.debug(tc, "targetTransportChain: " + targetTransportChain);
        }
        boolean z2 = false;
        if (chainName2 != null) {
            z2 = chainName2.equals(targetTransportChain);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            SibTr.debug(tc, "bus=" + busName2 + ",credentialType=" + credentialType2 + ",userid=" + userid2 + ",target=" + targetGroupName + ",target type=" + targetGroupType + ",target significance=" + targetSignificance + ",targetTransportChain=" + targetTransportChain + ",proximity=" + connectionProximity + ",bootstrapTransportChain=" + chainName2 + ",connectionMode=" + connectionMode);
        }
        JsBus jsBus2 = null;
        if (1 != 0) {
            try {
                if (null == jsas) {
                    jsas = JsAdminService.getInstance();
                }
                if (jsas != null && jsas.isInitialized()) {
                    jsBus2 = jsas.getDefinedBus(busName2);
                } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    SibTr.debug(tc, "Couldn't acquire the bus because the JSAdminService was unavailable");
                }
                if (null == jsBus2) {
                    throw new SIBExceptionBusNotFound(busName2);
                }
            } catch (SIBExceptionBusNotFound e13) {
                createNewTrmClientBootstrapReply.setReturnCode(-1);
                ArrayList arrayList6 = new ArrayList();
                arrayList6.add("BUS_NOT_FOUND_CWSIT0086");
                arrayList6.add(busName2);
                createNewTrmClientBootstrapReply.setFailureReason(arrayList6);
                z = false;
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    SibTr.debug(tc, "Bus not found: " + busName2);
                }
            }
        }
        if (z && !jsBus2.isBootstrapAllowed()) {
            createNewTrmClientBootstrapReply.setReturnCode(-7);
            ArrayList arrayList7 = new ArrayList();
            arrayList7.add("BOOTSTRAP_NOT_PERMITTED_CWSIT0123");
            arrayList7.add(busName2);
            createNewTrmClientBootstrapReply.setFailureReason(arrayList7);
            z = false;
        }
        if (z && !authUtils.isPermittedChain(busName2, chainName2)) {
            createNewTrmClientBootstrapReply.setReturnCode(-7);
            ArrayList arrayList8 = new ArrayList();
            arrayList8.add("BOOTSTRAP_CHAIN_NOT_PERMITTED_CWSIT0090");
            arrayList8.add(busName2);
            arrayList8.add(chainName2);
            createNewTrmClientBootstrapReply.setFailureReason(arrayList8);
            z = false;
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                SibTr.debug(tc, "Bootstrap chain not permitted");
            }
        }
        TargetMessagingEngine targetMessagingEngine = null;
        Subject subject2 = null;
        if (z) {
            targetMessagingEngine = TargetMessagingEngineResolver.resolveFromWLM(busName2, targetGroupName, targetGroupType, targetSignificance, targetTransportChain, connectionProximity, LocalConnectScope.NONE, connectionMode.equals(SibTrmConstants.CONNECTION_MODE_RECOVERY), false, z2);
            try {
                subject2 = authenticate(clientConnection, busName2, credentialType2, null, null, userid2, password2);
                if (subject2 == null) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        SibTr.debug(tc, "Authentication failed");
                    }
                    prepareFailure(createNewTrmClientBootstrapReply, busName2, userid2, -9);
                    z = false;
                    if (targetMessagingEngine.isLocal()) {
                        issueAuthenticationFailedEvent(busName2, userid2, ((LocalTargetMessagingEngine) targetMessagingEngine).getLocal());
                    }
                }
            } catch (Exception e14) {
                FFDCFilter.processException(e14, "com.ibm.ws.sib.trm.attach.ClientHandShake.handShake", "357", this);
                createNewTrmClientBootstrapReply.setReturnCode(-1);
                ArrayList arrayList9 = new ArrayList();
                arrayList9.add("TEMPORARY_CWSIT9999");
                arrayList9.add("InternalFailureException");
                createNewTrmClientBootstrapReply.setFailureReason(arrayList9);
                z = false;
            }
            if (z) {
                if (!checkBusAccess(subject2, busName2, userid2)) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        SibTr.debug(this, tc, "Authorization failed");
                    }
                    createNewTrmClientBootstrapReply.setReturnCode(-6);
                    prepareFailure(createNewTrmClientBootstrapReply, busName2, userid2, -6);
                    z = false;
                    if (targetMessagingEngine.isLocal()) {
                        issueAuthorizationFailedEvent(busName2, userid2, ((LocalTargetMessagingEngine) targetMessagingEngine).getLocal());
                    }
                } else if (targetMessagingEngine.isFailed()) {
                    createNewTrmClientBootstrapReply.setReturnCode(-2);
                    ArrayList arrayList10 = new ArrayList();
                    String message = targetMessagingEngine instanceof FailedTargetMessagingEngine ? ((FailedTargetMessagingEngine) targetMessagingEngine).getMessage() : "";
                    if (Select.fromBus(busName2) == null) {
                        arrayList10.add("NO_MES_STARTED_CWSIT0088");
                        arrayList10.add(busName2);
                        arrayList10.add(message);
                    } else if (authUtils.isPermittedChain(busName2, targetTransportChain)) {
                        arrayList10.add("NO_SUITABLE_ME_CWSIT0019");
                        arrayList10.add(busName2);
                        String str = "";
                        if (null != targetGroupName && !targetGroupName.equals("")) {
                            str = str + ", targetName=" + targetGroupName;
                        }
                        if (null != targetGroupType && !targetGroupType.equals("")) {
                            str = str + ", targetType=" + targetGroupType;
                        }
                        if (null != targetSignificance && !targetSignificance.equals("")) {
                            str = str + ", targetSignificance=" + targetSignificance;
                        }
                        if (null != targetTransportChain && !targetTransportChain.equals("")) {
                            str = str + ", targetTransportChain=" + targetTransportChain;
                        }
                        if (null != connectionProximity && !connectionProximity.equals("")) {
                            str = str + ", connectionProximity=" + connectionProximity;
                        }
                        if (null != connectionMode && !connectionMode.equals("")) {
                            str = str + ", connectionMode=" + connectionMode;
                        }
                        arrayList10.add(str.substring(2));
                        arrayList10.add(message);
                    } else {
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            SibTr.debug(tc, "The target transport chain " + targetTransportChain + " is not permitted on this server, so chances are it isn't permitted on the target server either");
                        }
                        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                            SibTr.debug(tc, "For reference, the original failure message is " + message);
                        }
                        createNewTrmClientBootstrapReply.setReturnCode(-7);
                        arrayList10.add("INBOUND_CHAIN_NOT_PERMITTED_CWSIT0092");
                        arrayList10.add(busName2);
                        arrayList10.add(targetTransportChain);
                    }
                    createNewTrmClientBootstrapReply.setFailureReason(arrayList10);
                    z = false;
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        SibTr.debug(tc, "No suitable messaging engine found");
                    }
                }
            }
        }
        if (z && targetMessagingEngine.isLocal()) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                SibTr.debug(tc, "Staying local");
            }
            JsMessagingEngine local = ((LocalTargetMessagingEngine) targetMessagingEngine).getLocal();
            SibTr.push(local);
            SICoreConnectionFactory sICoreConnectionFactory2 = (SICoreConnectionFactory) local.getMessageProcessor();
            SICoreConnection sICoreConnection2 = null;
            Exception exc2 = null;
            HashMap hashMap2 = null;
            ConnectionMetaData metaData2 = clientConnection.getMetaData();
            if (metaData2 != null) {
                hashMap2 = new HashMap();
                hashMap2.put(SIMPConstants.DEPLOYMENT_TARGET_CELL_NAME, metaData2.getRemoteCellName());
                hashMap2.put(SIMPConstants.DEPLOYMENT_TARGET_NODE_NAME, metaData2.getRemoteNodeName());
                hashMap2.put(SIMPConstants.DEPLOYMENT_TARGET_APPLICATION_SERVER_NAME, metaData2.getRemoteServerName());
                hashMap2.put(SIMPConstants.DEPLOYMENT_TARGET_CLUSTER_NAME, metaData2.getRemoteClusterName());
            }
            try {
                try {
                    try {
                        try {
                            sICoreConnection2 = sICoreConnectionFactory2.createConnection(subject2, hashMap2);
                        } catch (SIResourceException e15) {
                            FFDCFilter.processException(e15, className + ".handShake", "3", this);
                            createNewTrmClientBootstrapReply.setReturnCode(-2);
                            exc2 = e15;
                        } catch (SIAuthenticationException e16) {
                            FFDCFilter.processException(e16, className + ".handShake", "8", this);
                            createNewTrmClientBootstrapReply.setReturnCode(-9);
                            exc2 = e16;
                        }
                    } catch (SIConnectionLostException e17) {
                        FFDCFilter.processException(e17, className + ".handShake", "1", this);
                        createNewTrmClientBootstrapReply.setReturnCode(-3);
                        exc2 = e17;
                    } catch (Exception e18) {
                        FFDCFilter.processException(e18, className + ".handShake", "9", this);
                        createNewTrmClientBootstrapReply.setReturnCode(-1);
                        exc2 = e18;
                    }
                } catch (SIIncorrectCallException e19) {
                    FFDCFilter.processException(e19, className + ".handShake", "7", this);
                    createNewTrmClientBootstrapReply.setReturnCode(-8);
                    exc2 = e19;
                } catch (SILimitExceededException e20) {
                    FFDCFilter.processException(e20, className + ".handShake", "2", this);
                    createNewTrmClientBootstrapReply.setReturnCode(-4);
                    exc2 = e20;
                }
            } catch (SIErrorException e21) {
                FFDCFilter.processException(e21, className + ".handShake", "4", this);
                createNewTrmClientBootstrapReply.setReturnCode(-5);
                exc2 = e21;
            } catch (SINotAuthorizedException e22) {
                FFDCFilter.processException(e22, className + ".handShake", "5", this);
                createNewTrmClientBootstrapReply.setReturnCode(-6);
                exc2 = e22;
            } catch (SINotPossibleInCurrentConfigurationException e23) {
                FFDCFilter.processException(e23, className + ".handShake", "6", this);
                createNewTrmClientBootstrapReply.setReturnCode(-7);
                exc2 = e23;
            }
            if (exc2 != null) {
                SibTr.exception(tc, exc2);
                ArrayList arrayList11 = new ArrayList();
                arrayList11.add("EXCEPTION_CWSIT0020");
                arrayList11.add(local.getName());
                arrayList11.add(local.getBusName());
                arrayList11.add(exc2.toString());
                createNewTrmClientBootstrapReply.setFailureReason(arrayList11);
            }
            if (sICoreConnection2 != null) {
                createNewTrmClientBootstrapReply.setReturnCode(0);
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    SibTr.debug(tc, BipRfc.MQPSCR_OK);
                }
                clientConnection.setSICoreConnection(sICoreConnection2);
            }
            SibTr.pop();
        } else if (z && targetMessagingEngine.isRemote()) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                SibTr.debug(tc, "Going remote");
            }
            RemoteTargetMessagingEngine remoteTargetMessagingEngine = (RemoteTargetMessagingEngine) targetMessagingEngine;
            CFEndPoint endPoint = remoteTargetMessagingEngine.getEndPoint();
            if (clientConnection.getMetaData().requiresNonJavaBootstrap()) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    SibTr.debug(tc, "Using Non-Java serialisation");
                }
                byteArray = endPoint.serializeToXML().getBytes(WSNConstants.WSN_CHAR_SET);
            } else {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    SibTr.debug(tc, "Using Java serialisation");
                }
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(1024);
                new ObjectOutputStream(byteArrayOutputStream).writeObject(endPoint);
                byteArray = byteArrayOutputStream.toByteArray();
            }
            createNewTrmClientBootstrapReply.setReturnCode(1);
            createNewTrmClientBootstrapReply.setEndPointData(byteArray);
            createNewTrmClientBootstrapReply.setBusName(remoteTargetMessagingEngine.getBus());
            createNewTrmClientBootstrapReply.setSubnetName(remoteTargetMessagingEngine.getSubnet());
            createNewTrmClientBootstrapReply.setMessagingEngineName(remoteTargetMessagingEngine.getName());
        }
        bArr2 = createNewTrmClientBootstrapReply.encode(clientConnection);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            SibTr.debug(tc, Utils.outBound("client attach reply"));
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "handShake", bArr2);
        }
        return bArr2;
    }

    private void issueAuthenticationFailedEvent(String str, String str2, JsMessagingEngine jsMessagingEngine) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "issueAuthenticationFailedEvent", new Object[]{str, str2, jsMessagingEngine});
        }
        if (jsMessagingEngine != null) {
            RuntimeEventListener runtimeEventListener = ((JsEngineComponentWithEventListener) jsMessagingEngine.getMessageProcessor()).getRuntimeEventListener();
            if (jsMessagingEngine.isEventNotificationEnabled() && runtimeEventListener != null) {
                String formattedMessage = null == str2 ? nls.getFormattedMessage("FAILED_AUTHENTICATION_CWSIT0105", new Object[]{str}, (String) null) : nls.getFormattedMessage("FAILED_AUTHENTICATION_CWSIT0016", new Object[]{str2, str}, (String) null);
                Properties properties = new Properties();
                properties.put(SibNotificationConstants.KEY_OPERATION, SibNotificationConstants.OPERATION_CONNECT);
                if (str2 != null) {
                    properties.put(SibNotificationConstants.KEY_SECURITY_USERID, str2);
                    properties.put(SibNotificationConstants.KEY_SECURITY_REASON, SibNotificationConstants.SECURITY_REASON_NOT_AUTHENTICATED);
                } else {
                    properties.put(SibNotificationConstants.KEY_SECURITY_REASON, SibNotificationConstants.SECURITY_REASON_NO_USERID);
                }
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    SibTr.debug(tc, "Issuing event notification: SIB.security.not.authenticated");
                }
                runtimeEventListener.runtimeEventOccurred(jsMessagingEngine, SibNotificationConstants.TYPE_SIB_SECURITY_NOT_AUTHENTICATED, formattedMessage, properties);
            } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                SibTr.debug(tc, "Not issuing an event notification");
            }
        } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            SibTr.debug(tc, "Not issuing an event notification");
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "issueAuthenticationFailedEvent");
        }
    }

    private void issueAuthorizationFailedEvent(String str, String str2, JsMessagingEngine jsMessagingEngine) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "issueAuthorizationFailedEvent", new Object[]{str, str2, jsMessagingEngine});
        }
        if (jsMessagingEngine != null) {
            RuntimeEventListener runtimeEventListener = ((JsEngineComponentWithEventListener) jsMessagingEngine.getMessageProcessor()).getRuntimeEventListener();
            if (jsMessagingEngine.isEventNotificationEnabled() && runtimeEventListener != null) {
                String formattedMessage = null == str2 ? nls.getFormattedMessage("FAILED_AUTHENTICATION_CWSIT0105", new Object[]{str}, (String) null) : nls.getFormattedMessage("FAILED_AUTHENTICATION_CWSIT0016", new Object[]{str2, str}, (String) null);
                Properties properties = new Properties();
                properties.put(SibNotificationConstants.KEY_OPERATION, SibNotificationConstants.OPERATION_CONNECT);
                if (str2 != null) {
                    properties.put(SibNotificationConstants.KEY_SECURITY_USERID, str2);
                    properties.put(SibNotificationConstants.KEY_SECURITY_REASON, SibNotificationConstants.SECURITY_REASON_NOT_AUTHORIZED);
                } else {
                    properties.put(SibNotificationConstants.KEY_SECURITY_REASON, SibNotificationConstants.SECURITY_REASON_NO_USERID);
                }
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    SibTr.debug(tc, "Issuing event notification: SIB.security.not.authorized");
                }
                runtimeEventListener.runtimeEventOccurred(jsMessagingEngine, SibNotificationConstants.TYPE_SIB_SECURITY_NOT_AUTHORIZED, formattedMessage, properties);
            } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                SibTr.debug(tc, "Not issuing an event notification");
            }
        } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            SibTr.debug(tc, "Not issuing an event notification");
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "issueAuthorizationFailedEvent");
        }
    }

    private Subject authenticate(ClientConnection clientConnection, String str, String str2, byte[] bArr, String str3, String str4, String str5) {
        SSLSession sSLSession;
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "authenticate", new Object[]{clientConnection, str, str2, bArr, str3, str4});
        }
        if ("".equals(str4)) {
            str4 = null;
        }
        Subject subject = null;
        if (!authUtils.isBusSecure(str) || (authUtils.isBusSecure(str) && clientConnection.getMetaData().isTrusted())) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                if (authUtils.isBusSecure(str)) {
                    SibTr.debug(tc, "Bus is secure and connection is trusted");
                } else {
                    SibTr.debug(tc, "Bus is not secure");
                }
            }
            if (str2.equals(TrmConstantsImpl.CREDENTIAL_SIB_SUBJECT)) {
                subject = authUtils.getSIBServerSubject();
            } else if (str2.equals(TrmConstantsImpl.CREDENTIAL_USER_SUBJECT)) {
                subject = sibLogin.login(str, str4, clientConnection.getMetaData());
            }
        } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            SibTr.debug(tc, "Bus is secure but connection is not trusted");
        }
        if (str2.equals(TrmConstantsImpl.CREDENTIAL_SUBJECT)) {
            subject = sibLogin.login(str, bArr, str3, clientConnection.getMetaData());
        }
        if (!clientConnection.getMetaData().isTrusted() && str2.equals(TrmConstantsImpl.CREDENTIAL_SIB_SUBJECT) && "LTPA".equals(str3)) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                SibTr.debug(tc, "Handling SIB_SUBJECT authentication.");
            }
            if (authUtils.isBusSecure(str)) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    SibTr.debug(tc, "Bus is secure - must authenticate fully.");
                }
                subject = sibLogin.login(str, bArr, str3, clientConnection.getMetaData());
            } else {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    SibTr.debug(tc, "Bus is insecure - we don't need to login - just give back the SIBSubject.");
                }
                subject = authUtils.getSIBServerSubject();
            }
        }
        if (str2.equals(TrmConstantsImpl.CREDENTIAL_USERID_PASSWORD)) {
            Certificate[] certificateArr = null;
            if (str4 == null && (sSLSession = clientConnection.getMetaData().getSSLSession()) != null) {
                try {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        SibTr.debug(tc, "Authentication: attempting to retrieve SSL Peer certificates");
                    }
                    certificateArr = sSLSession.getPeerCertificates();
                } catch (SSLPeerUnverifiedException e) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        SibTr.debug(tc, "Authentication: Error obtaining SSL certificates >" + e + "<");
                    }
                }
            }
            if (str4 != null) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    SibTr.debug(tc, "Authentication: Login using user ID and password");
                }
                subject = sibLogin.login(str, str4, str5, clientConnection.getMetaData());
            } else if (certificateArr == null || certificateArr.length <= 0) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    SibTr.debug(tc, "Authentication: Anonymous Login using user ID and password; note that these may be null");
                }
                subject = sibLogin.login(str, str4, str5, clientConnection.getMetaData());
            } else {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    SibTr.debug(tc, "Authentication: Login using SSL Peer certificates");
                }
                subject = sibLogin.login(str, certificateArr, clientConnection.getMetaData());
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            SibTr.debug(tc, "Authentication " + (subject != null ? BipRfc.MQPSCR_OK : "failed!"));
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "authenticate", subject);
        }
        return subject;
    }

    private String getTraceString(Subject subject) {
        return subject == null ? "<null>" : "Subject " + System.identityHashCode(subject);
    }

    private boolean checkBusAccess(Subject subject, String str, String str2) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "checkBusAccess", new Object[]{getTraceString(subject), str, str2});
        }
        boolean z = false;
        if (subject != null) {
            try {
                z = SIBAccessControlFactory.getInstance().getSIBAccessControl(str).checkBusAccess(subject);
            } catch (SIBAccessControlException e) {
                FFDCFilter.processException(e, "com.ibm.ws.sib.trm.attach.ClientHandShake.authenticate", "889", this);
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    SibTr.debug(this, tc, "User " + str2 + " cannot access the bus " + str);
                }
                if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                    SibTr.event(this, tc, "absorbing", e);
                }
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            SibTr.debug(tc, "authorization of user " + str2 + " resulted in " + z);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "checkBusAccess", Boolean.valueOf(z));
        }
        return z;
    }

    private void prepareFailure(TrmClientAttachReply trmClientAttachReply, String str, String str2, int i) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "prepareFailure", new Object[]{trmClientAttachReply, str, str2, Integer.valueOf(i)});
        }
        trmClientAttachReply.setReturnCode(i);
        ArrayList arrayList = new ArrayList();
        if (i == -9) {
            if (null == str2) {
                arrayList.add("FAILED_AUTHENTICATION_CWSIT0105");
            } else {
                arrayList.add("FAILED_AUTHENTICATION_CWSIT0016");
                arrayList.add(str2);
            }
        } else if (null == str2) {
            arrayList.add("FAILED_AUTHORIZATION_CWSIT0109");
        } else {
            arrayList.add("FAILED_AUTHORIZATION_CWSIT0108");
            arrayList.add(str2);
        }
        arrayList.add(str);
        trmClientAttachReply.setFailureReason(arrayList);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "prepareFailure");
        }
    }

    private void prepareFailure(TrmClientBootstrapReply trmClientBootstrapReply, String str, String str2, int i) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "prepareFailure", new Object[]{trmClientBootstrapReply, str, str2, Integer.valueOf(i)});
        }
        trmClientBootstrapReply.setReturnCode(i);
        ArrayList arrayList = new ArrayList();
        if (i == -9) {
            if (null == str2) {
                arrayList.add("FAILED_AUTHENTICATION_CWSIT0105");
            } else {
                arrayList.add("FAILED_AUTHENTICATION_CWSIT0016");
                arrayList.add(str2);
            }
        } else if (null == str2) {
            arrayList.add("FAILED_AUTHORIZATION_CWSIT0109");
        } else {
            arrayList.add("FAILED_AUTHORIZATION_CWSIT0108");
            arrayList.add(str2);
        }
        arrayList.add(str);
        trmClientBootstrapReply.setFailureReason(arrayList);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "prepareFailure");
        }
    }

    static {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            SibTr.debug(tc, "Source info: @(#) 1.113 SIB/ws/code/sib.trm.impl/src/com/ibm/ws/sib/trm/attach/ClientHandShake.java, SIB.trm, WAS855.SIB, cf111646.01 09/03/20 11:24:41 [11/14/16 15:57:47]");
        }
    }
}
