package jeus.ejb.interop.csi;

import com.sun.corba.ee.spi.legacy.connection.Connection;
import com.sun.corba.ee.spi.legacy.interceptor.RequestInfoExt;
import java.net.InetAddress;
import java.net.Socket;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import jeus.corba.ORBManager;
import jeus.ejb.interop.ORBReceiver;
import jeus.ejb.interop.csi.login.AnonymousCredential;
import jeus.ejb.interop.csi.login.PasswordCredential;
import jeus.ejb.interop.csi.login.X509CertificateCredential;
import jeus.security.base.AnonymousSubject;
import jeus.security.base.SecurityCommonService;
import jeus.security.base.Subject;
import jeus.security.container.ejb.EJBSecurity;
import jeus.security.resource.PrincipalImpl;
import jeus.security.spi.SecurityInstaller;
import jeus.util.logging.JeusLogger;
import jeus.util.message.JeusMessage_EJB11;
import org.omg.CORBA.Any;
import org.omg.CORBA.LocalObject;
import org.omg.CORBA.ORB;
import org.omg.CSI.CompleteEstablishContext;
import org.omg.CSI.ContextError;
import org.omg.CSI.GSS_NT_ExportedNameHelper;
import org.omg.CSI.IdentityToken;
import org.omg.CSI.SASContextBody;
import org.omg.CSI.SASContextBodyHelper;
import org.omg.CSI.X501DistinguishedNameHelper;
import org.omg.CSI.X509CertificateChainHelper;
import org.omg.IOP.Codec;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.ServerRequestInfo;
import org.omg.PortableInterceptor.ServerRequestInterceptor;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;

/* loaded from: input_file:jeus/ejb/interop/csi/ServerSideRequestInterceptorFor5.class */
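/**
 * Server-side portable interceptor for the CSI Security Attribute Service (SAS) context.
 *
 * <p>The helpers visible in this listing derive a caller {@link Principal} from three sources:
 * the SAS identity token, the GSSUP client authentication token, and the transport (TLS peer
 * certificate, or the peer's source address when no certificate is available). The
 * {@code send_*} hooks log the thread out again once a request has been answered.
 *
 * <p>NOTE(review): this listing is decompiler output and {@link #receive_request} was not
 * decompiled. The order in which the helpers are combined, which failures produce a SAS
 * {@code ContextError}, and whether an asserted identity is only accepted from an authenticated
 * peer cannot be reviewed from this file and must be checked against the bytecode.
 */
public class ServerSideRequestInterceptorFor5 extends LocalObject implements ServerRequestInterceptor, ORBReceiver {
    /** Service context id under which the SAS context body is exchanged. */
    protected static final int SECURITY_ATTRIBUTE_SERVICE_ID = 15;

    // The three status values below are not referenced by any method body visible in this
    // listing; presumably receive_request passes them to createContextError -- confirm.
    private static final int INVALID_EVIDENCE = 1;
    private static final int INVALID_MECHANISM = 2;
    private static final int NO_CONTEXT = 4;

    private static final JeusLogger logger = (JeusLogger) JeusLogger.getLogger("jeus.ejb.interop.csi");
    private static final String INTERCEPTOR_NAME = "csi.ServerSideRequestInterceptor";

    private final Codec codec;
    // Set through setORB(); createSvcContext and getClientToken dereference it.
    private ORB orb;
    // Non-null only on a thread for which setSecurityContext() succeeded.
    private final ThreadLocal<Boolean> isLogined = new ThreadLocal<Boolean>();

    /**
     * Adds one credential object to a credential set inside a privileged block.
     *
     * <p>NOTE(review): presumably the set is permission-checked (for example a subject's
     * credential set); the class is public, so any caller that can reach it can run the
     * {@code add} with this code's privileges -- confirm that is intended.
     */
    public static class AddCredentialAction implements PrivilegedAction<Object> {
        private final Set creds;
        private final Object cred;

        /**
         * @param set the credential set to add to
         * @param obj the credential to add
         */
        public AddCredentialAction(Set set, Object obj) {
            this.creds = set;
            this.cred = obj;
        }

        /** Adds the credential to the set; always returns {@code null}. */
        @Override
        @SuppressWarnings("unchecked") // the raw Set is part of the public constructor signature
        public Object run() {
            this.creds.add(this.cred);
            return null;
        }
    }

    /**
     * @param codec codec used to decode identity tokens and to encode outgoing SAS context bodies
     */
    public ServerSideRequestInterceptorFor5(Codec codec) {
        this.codec = codec;
    }

    /** Stores the ORB used to create {@code Any} values and to parse GSSUP tokens. */
    @Override
    public void setORB(ORB orb) {
        this.orb = orb;
    }

    /** Returns the fixed interceptor name. */
    public String name() {
        return INTERCEPTOR_NAME;
    }

    /** No resources to release. */
    public void destroy() {
    }

    /**
     * Builds a SAS context body carrying a {@code ContextError}.
     *
     * @param i major status of the error; the client context id is 0, the minor status is 1 and
     *     the error token is empty
     */
    private SASContextBody createContextError(int i) {
        SASContextBody body = new SASContextBody();
        body.error_msg(new ContextError(0L, i, 1, new byte[0]));
        return body;
    }

    /**
     * Builds a SAS context body carrying a {@code CompleteEstablishContext} with client context
     * id 0, the stateful flag cleared and an empty final context token.
     */
    private SASContextBody createCompleteEstablishContext() {
        SASContextBody body = new SASContextBody();
        body.complete_msg(new CompleteEstablishContext(0L, false, new byte[0]));
        return body;
    }

    /**
     * Encodes a SAS context body into a service context tagged with
     * {@link #SECURITY_ATTRIBUTE_SERVICE_ID}.
     *
     * @throws Exception if encoding fails; also fails with a {@code NullPointerException} when
     *     {@link #setORB} has not been called yet
     */
    private ServiceContext createSvcContext(SASContextBody sASContextBody) throws Exception {
        Any wrapped = this.orb.create_any();
        SASContextBodyHelper.insert(wrapped, sASContextBody);
        ServiceContext serviceContext = new ServiceContext();
        // Same value as the literal 15 the decompiler inlined here.
        serviceContext.context_id = SECURITY_ATTRIBUTE_SERVICE_ID;
        serviceContext.context_data = this.codec.encode_value(wrapped);
        return serviceContext;
    }

    /**
     * Maps a SAS identity token to a principal and records the matching credential in {@code set}.
     *
     * <p>The token is an identity <em>assertion</em> made by the peer: nothing in this method
     * authenticates it. In particular the certificate chain of discriminator 4 is parsed but not
     * path-validated here, and the principal is taken from its first certificate. Whether the
     * asserting peer is entitled to assert identities has to be enforced by the caller, which is
     * not visible in this listing.
     *
     * @param subject unused by this method
     * @param identityToken the decoded identity token from the SAS context
     * @param set credential set that receives the credential for the asserted identity
     * @return the asserted principal, or {@code null} when the token is absent (discriminator 0)
     * @throws CSIException for any discriminator other than 0, 1, 2, 4 and 8
     * @throws IllegalArgumentException if a certificate-chain token contains no certificate
     * @throws Exception if a token value cannot be decoded or parsed
     */
    private Principal getIdentityToken(Subject subject, IdentityToken identityToken, Set set) throws Exception {
        switch (identityToken.discriminator()) {
            case 0: // ITTAbsent: no identity asserted
                return null;
            case 1: // ITTAnonymous
                addCredentialToSet(set, new AnonymousCredential());
                return new PrincipalImpl(AnonymousSubject.ANONYMOUS_PRINCIPAL_NAME);
            case 2: { // ITTPrincipalName: GSS exported name
                Any decoded = this.codec.decode_value(identityToken.principal_name(), GSS_NT_ExportedNameHelper.type());
                GSSUPExportName exportedName = new GSSUPExportName(GSS_NT_ExportedNameHelper.extract(decoded));
                addCredentialToSet(set, exportedName);
                return exportedName;
            }
            case 4: { // ITTX509CertChain: DER-encoded certificate chain
                Any decoded = this.codec.decode_value(identityToken.certificate_chain(), X509CertificateChainHelper.type());
                DerValue[] sequence = new DerInputStream(X509CertificateChainHelper.extract(decoded)).getSequence(1);
                // The chain length is chosen by the peer. Reject an empty chain before the
                // credential set is touched; previously an empty credential was added and the
                // [0] access below then failed with an ArrayIndexOutOfBoundsException.
                if (sequence.length == 0) {
                    throw new IllegalArgumentException("X.509 identity token contains no certificate");
                }
                X509Certificate[] chain = new X509CertImpl[sequence.length];
                for (int i = 0; i < chain.length; i++) {
                    chain[i] = new X509CertImpl(sequence[i]);
                }
                addCredentialToSet(set, new X509CertificateCredential(chain));
                return chain[0].getSubjectDN();
            }
            case 8: { // ITTDistinguishedName: DER-encoded X.501 name
                Any decoded = this.codec.decode_value(identityToken.dn(), X501DistinguishedNameHelper.type());
                X500Name distinguishedName = new X500Name(X501DistinguishedNameHelper.extract(decoded));
                addCredentialToSet(set, distinguishedName);
                return distinguishedName;
            }
            default: // includes 3, 5, 6 and 7
                throw new CSIException(JeusMessage_EJB11._7100);
        }
    }

    /** Adds {@code obj} to {@code set} through {@link AddCredentialAction} in a privileged block. */
    private void addCredentialToSet(Set set, Object obj) throws Exception {
        AccessController.doPrivileged(new AddCredentialAction(set, obj));
    }

    /**
     * Authenticates the user name and password carried in a GSSUP initial context token and
     * records them as a {@link PasswordCredential}.
     *
     * <p>The credential is added only after {@link #authenticate} has returned, so an exception
     * from authentication leaves {@code set} untouched. The cleartext password stays in the
     * credential set afterwards; it must not reach logs or diagnostics.
     *
     * @param subject unused by this method
     * @param bArr the encoded GSSUP initial context token
     * @param set credential set that receives the password credential
     * @return a principal named after the token's user name
     * @throws Exception if the token cannot be parsed or authentication raises
     */
    private Principal getClientToken(Subject subject, byte[] bArr, Set set) throws Exception {
        GSSUPInitialToken token = new GSSUPInitialToken(this.orb, this.codec, bArr);
        String username = token.getUsername();
        String password = token.getPassword();
        String scope = token.getScope();
        authenticate(username, password, scope);
        addCredentialToSet(set, new PasswordCredential(username, password, scope));
        return new PrincipalImpl(username);
    }

    /**
     * Derives the caller principal from the transport connection of a request.
     *
     * <p>On a TLS socket with a verified peer, the peer certificate chain becomes the credential
     * and the subject DN of its first certificate the principal. Otherwise (plain socket, or TLS
     * without a verified peer certificate) the peer is identified by source address only: if
     * {@code ORBManager.isTrustedHost} accepts the address the caller is treated as anonymous,
     * else the request is rejected. Address-based trust is only as strong as the network controls
     * in front of the listener; how the trusted-host list is configured is not visible here.
     *
     * @param subject unused by this method
     * @param serverRequestInfo the request; must also implement {@code RequestInfoExt}
     * @param set credential set that receives the transport credential
     * @return the certificate subject DN or the anonymous principal
     * @throws CSIException if there is no verified peer certificate and the host is not trusted
     * @throws Exception on any other failure
     */
    public Principal getTransportPrincipal(Subject subject, ServerRequestInfo serverRequestInfo, Set set) throws Exception {
        Connection connection = ((RequestInfoExt) serverRequestInfo).connection();
        Socket socket = connection.getSocket();
        if (socket instanceof SSLSocket) {
            Certificate[] peerChain = null;
            try {
                // Cast the socket that was just type-checked instead of fetching it a second time.
                peerChain = ((SSLSocket) socket).getSession().getPeerCertificates();
            } catch (SSLPeerUnverifiedException ignored) {
                // Deliberate: a TLS peer without a verified certificate is handled by the
                // trusted-host check below, exactly like a plain-socket peer.
            }
            if (peerChain != null) {
                X509Certificate[] chain = new X509Certificate[peerChain.length];
                for (int i = 0; i < peerChain.length; i++) {
                    // A non-X.509 peer certificate fails here with a ClassCastException.
                    chain[i] = (X509Certificate) peerChain[i];
                }
                addCredentialToSet(set, new X509CertificateCredential(chain));
                return chain[0].getSubjectDN();
            }
        }
        InetAddress peerAddress = socket.getInetAddress();
        if (!ORBManager.isTrustedHost(peerAddress.getHostAddress())) {
            throw new CSIException(JeusMessage_EJB11._7101, peerAddress.getHostAddress());
        }
        addCredentialToSet(set, new AnonymousCredential());
        return new PrincipalImpl(AnonymousSubject.ANONYMOUS_PRINCIPAL_NAME);
    }

    /**
     * Request-time hook of the interceptor.
     *
     * <p>NOTE(review): the body below is a decompiler placeholder, not the shipped logic. The
     * tool warnings that follow are all that is known from this listing: one exception handler
     * logs message {@code _7105}. The private helpers of this class are not called from any other
     * visible method, so they are presumably invoked from here -- confirm against the bytecode
     * before drawing conclusions about the authentication flow.
     */
    /* JADX WARN: Can't wrap try/catch for region: R(10:1|(4:2|3|4|5)|47|48|(1:50)|51|52|53|54|(1:(0))) */
    /* JADX WARN: Code restructure failed: missing block: B:56:0x016d, code lost:
    
        r9 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:58:0x0178, code lost:
    
        if (jeus.ejb.interop.csi.ServerSideRequestInterceptorFor5.logger.isLoggable(jeus.util.message.JeusMessage_EJB11._7105_LEVEL) != false) goto L46;
     */
    /* JADX WARN: Code restructure failed: missing block: B:59:0x017b, code lost:
    
        jeus.ejb.interop.csi.ServerSideRequestInterceptorFor5.logger.log(jeus.util.message.JeusMessage_EJB11._7105_LEVEL, jeus.util.message.JeusMessage_EJB11._7105, r9);
     */
    /* JADX WARN: Removed duplicated region for block: B:50:0x0145  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void receive_request(org.omg.PortableInterceptor.ServerRequestInfo r6) throws org.omg.PortableInterceptor.ForwardRequest {
        /*
            Method dump skipped, instructions count: 402
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: jeus.ejb.interop.csi.ServerSideRequestInterceptorFor5.receive_request(org.omg.PortableInterceptor.ServerRequestInfo):void");
    }

    /** Intentionally empty. */
    public void receive_request_service_contexts(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
    }

    /**
     * Logs the thread out after a normal reply. Any failure is logged (message {@code _7106})
     * and never propagated, so the reply itself is not affected.
     */
    public void send_reply(ServerRequestInfo serverRequestInfo) {
        try {
            unsetSecurityContext();
        } catch (Throwable th) {
            if (logger.isLoggable(JeusMessage_EJB11._7106_LEVEL)) {
                logger.log(JeusMessage_EJB11._7106_LEVEL, JeusMessage_EJB11._7106, th);
            }
        }
    }

    /**
     * Logs the thread out after an exception reply. Any failure is logged (message
     * {@code _7107}) and never propagated.
     */
    public void send_exception(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
        try {
            unsetSecurityContext();
        } catch (Throwable th) {
            if (logger.isLoggable(JeusMessage_EJB11._7107_LEVEL)) {
                logger.log(JeusMessage_EJB11._7107_LEVEL, JeusMessage_EJB11._7107, th);
            }
        }
    }

    /**
     * Logs the thread out after any other reply kind. Any failure is logged (message
     * {@code _7108}) and never propagated.
     */
    public void send_other(ServerRequestInfo serverRequestInfo) throws ForwardRequest {
        try {
            unsetSecurityContext();
        } catch (Throwable th) {
            if (logger.isLoggable(JeusMessage_EJB11._7108_LEVEL)) {
                logger.log(JeusMessage_EJB11._7108_LEVEL, JeusMessage_EJB11._7108, th);
            }
        }
    }

    /**
     * Authenticates a user name and password against the default security domain.
     *
     * <p>NOTE(review): {@code str3} (the GSSUP scope passed by {@link #getClientToken}) is
     * ignored; the domain always comes from {@code SecurityInstaller.getDefaultDomainName()}.
     * Any value returned by {@code EJBSecurity.authenticate} is discarded, so rejecting bad
     * credentials relies on that call throwing -- confirm. The meaning of its {@code false}
     * argument is not visible here.
     *
     * @param str user name
     * @param str2 password
     * @param str3 scope; unused
     */
    private void authenticate(String str, String str2, String str3) throws Exception {
        Subject candidate = Subject.makeSubject(SecurityInstaller.getDefaultDomainName(), str, str2);
        EJBSecurity.authenticate(candidate, false);
    }

    /**
     * Logs {@code subject} in on the current thread and marks the thread as logged in. The mark
     * is set only after {@code loginDefault} has returned without throwing.
     */
    private void setSecurityContext(Subject subject) throws Exception {
        SecurityCommonService.loginDefault(subject, true);
        this.isLogined.set(Boolean.TRUE);
    }

    /**
     * Logs the current thread out if {@link #setSecurityContext} marked it as logged in.
     *
     * <p>If {@code logout()} throws, the mark is left in place, so the next {@code send_*} call
     * on the same thread attempts the logout again.
     */
    private void unsetSecurityContext() throws Exception {
        if (this.isLogined.get() != null) {
            SecurityCommonService.logout();
            // remove() reads back as null like set(null) did, without keeping the map entry.
            this.isLogined.remove();
        }
    }
}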
