package com.ibm.ws.transport.iiop.security.config.css;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.websphere.ssl.SSLException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.csiv2.TraceConstants;
import com.ibm.ws.security.csiv2.config.ssl.SSLConfig;
import com.ibm.ws.security.csiv2.config.tss.ServerTransportAddress;
import com.ibm.ws.security.csiv2.util.SecurityServices;
import com.ibm.ws.transport.iiop.security.config.ConfigUtil;
import com.ibm.ws.transport.iiop.security.config.tss.OptionsKey;
import com.ibm.ws.transport.iiop.security.config.tss.TSSCompoundSecMechConfig;
import com.ibm.ws.transport.iiop.security.config.tss.TSSSSLTransportConfig;
import com.ibm.ws.transport.iiop.security.config.tss.TSSTransportMechConfig;
import java.io.Serializable;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.Map;
import org.omg.CORBA.Any;
import org.omg.CORBA.ORB;
import org.omg.CORBA.UserException;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.SASContextBody;
import org.omg.CSI.SASContextBodyHelper;
import org.omg.CSIIOP.TransportAddress;
import org.omg.IOP.Codec;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ClientRequestInfo;

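/**
 * Client-side (CSS) compound security mechanism configuration for CSIv2.
 *
 * <p>Holds the client's transport, authentication (AS) and attribute (SAS) layer
 * configurations together with the OR-combined {@code supports}/{@code requires}
 * association-option bit masks. It decides whether this client policy is compatible
 * with a target (TSS) compound mechanism ({@link #canHandle}) and builds the SAS
 * {@code EstablishContext} service context for an outgoing request
 * ({@link #generateServiceContext}).
 *
 * <p>Thread-safety: no synchronization is visible in this class, yet
 * {@link #canHandle} writes {@code cantHandleMsg} and {@code addressTransportMechMap}.
 * NOTE(review): confirm that instances are not evaluated concurrently, otherwise the
 * failure message and the per-address SSL selection can come from different calls.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/transport/iiop/security/config/css/CSSCompoundSecMechConfig.class */
public class CSSCompoundSecMechConfig implements Serializable {
    private static final long serialVersionUID = 1;
    private static final TraceComponent tc = Tr.register(CSSCompoundSecMechConfig.class);
    // Union of the association-option bits of every layer set so far (see the setters).
    private short supports;
    private short requires;
    private CSSTransportMechConfig transport_mech;
    private CSSASMechConfig as_mech;
    private CSSSASMechConfig sas_mech;
    // Explanation of the most recent failed check; it is not cleared when a later check succeeds.
    private String cantHandleMsg;
    // Per-target-address SSL transport configs that passed every check in
    // extractSSLTransportForEachAddress. Entries are only ever added in this class.
    private final Map<ServerTransportAddress, CSSTransportMechConfig> addressTransportMechMap = new HashMap<>();

    /** Returns the client transport-layer configuration, or {@code null} if none was set. */
    public CSSTransportMechConfig getTransport_mech() {
        return this.transport_mech;
    }

    /**
     * Sets the transport-layer configuration and ORs its supports/requires bits into the
     * compound masks. The masks are never reset, so bits of a previously set transport
     * configuration remain. Throws {@link NullPointerException} for a {@code null} argument.
     */
    public void setTransport_mech(CSSTransportMechConfig cSSTransportMechConfig) {
        this.transport_mech = cSSTransportMechConfig;
        this.supports = (short) (this.supports | cSSTransportMechConfig.getSupports());
        this.requires = (short) (this.requires | cSSTransportMechConfig.getRequires());
    }

    /** Returns the client authentication-layer configuration, or {@code null} if none was set. */
    public CSSASMechConfig getAs_mech() {
        return this.as_mech;
    }

    /**
     * Sets the authentication-layer configuration and ORs its supports/requires bits into
     * the compound masks (bits accumulate; see {@link #setTransport_mech}).
     */
    public void setAs_mech(CSSASMechConfig cSSASMechConfig) {
        this.as_mech = cSSASMechConfig;
        this.supports = (short) (this.supports | cSSASMechConfig.getSupports());
        this.requires = (short) (this.requires | cSSASMechConfig.getRequires());
    }

    /** Returns the client attribute-layer (SAS) configuration, or {@code null} if none was set. */
    public CSSSASMechConfig getSas_mech() {
        return this.sas_mech;
    }

    /**
     * Sets the attribute-layer (SAS) configuration and ORs its supports/requires bits into
     * the compound masks (bits accumulate; see {@link #setTransport_mech}).
     */
    public void setSas_mech(CSSSASMechConfig cSSSASMechConfig) {
        this.sas_mech = cSSSASMechConfig;
        this.supports = (short) (this.supports | cSSSASMechConfig.getSupports());
        this.requires = (short) (this.requires | cSSSASMechConfig.getRequires());
    }

    /**
     * Decides whether this client policy can talk to the given target policy.
     *
     * <p>When the client transport uses an outbound SSL reference, the decision is made
     * per target address by {@link #extractSSLTransportForEachAddress}. Otherwise the
     * checks run in this order and the first failure wins:
     * <ol>
     *   <li>everything the target requires must be supported by the client;</li>
     *   <li>everything the client requires must be supported by the target;</li>
     *   <li>the transport, authentication and attribute layers must each accept the
     *       corresponding target layer.</li>
     * </ol>
     *
     * <p>Requires the transport, authentication and attribute configurations to have been
     * set; they are dereferenced without a null check.
     *
     * @param tSSCompoundSecMechConfig the target's compound mechanism configuration
     * @return {@code true} if compatible; on {@code false}, {@link #getCantHandleMsg()}
     *         is set by every failing branch visible here except the early returns of the
     *         per-address path. A {@code true} result leaves an older message in place.
     */
    public boolean canHandle(TSSCompoundSecMechConfig tSSCompoundSecMechConfig) {
        // NOTE(review): the guard tests the event level but the calls are Tr.debug;
        // extractSSLTransportForEachAddress guards with isDebugEnabled(). Confirm which is intended.
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.debug(tc, "canHandle()", new Object[0]);
            Tr.debug(tc, "    CSS SUPPORTS: " + ConfigUtil.flags(this.supports), new Object[0]);
            Tr.debug(tc, "    CSS REQUIRES: " + ConfigUtil.flags(this.requires), new Object[0]);
            Tr.debug(tc, "    TSS SUPPORTS: " + ConfigUtil.flags(tSSCompoundSecMechConfig.getSupports()), new Object[0]);
            Tr.debug(tc, "    TSS REQUIRES: " + ConfigUtil.flags(tSSCompoundSecMechConfig.getRequires()), new Object[0]);
        }
        if (this.transport_mech.getOutboundSSLReference()) {
            return extractSSLTransportForEachAddress(tSSCompoundSecMechConfig);
        }
        // Client must support every option the target requires.
        if ((this.supports & tSSCompoundSecMechConfig.getRequires()) != tSSCompoundSecMechConfig.getRequires()) {
            buildSupportsFailedMsg(tSSCompoundSecMechConfig);
            return false;
        }
        // Target must support every option the client requires; this is the check that
        // stops a connection to a target weaker than the client policy demands.
        if ((this.requires & tSSCompoundSecMechConfig.getSupports()) != this.requires) {
            buildRequiresFailedMsg(tSSCompoundSecMechConfig);
            return false;
        }
        if (!this.transport_mech.canHandle(tSSCompoundSecMechConfig.getTransport_mech(), this.as_mech.getMechanism())) {
            this.cantHandleMsg = this.transport_mech.getCantHandleMsg();
            return false;
        }
        if (!this.as_mech.canHandle(tSSCompoundSecMechConfig.getAs_mech())) {
            buildAsFailedMsg(tSSCompoundSecMechConfig);
            return false;
        }
        if (this.sas_mech.canHandle(tSSCompoundSecMechConfig.getSas_mech(), this.as_mech.getMechanism())) {
            return true;
        }
        this.cantHandleMsg = this.sas_mech.getCantHandleMsg();
        return false;
    }

    /**
     * Per-address variant of the compatibility check, used when the client transport is
     * configured through an outbound SSL reference.
     *
     * <p>For each transport address advertised by the target's SSL transport, looks up the
     * SSL alias and its association options, ORs them into the client masks for that
     * address only, and repeats the checks of {@link #canHandle}. An address that passes
     * every check and has a non-null alias is recorded in {@code addressTransportMechMap}.
     * A failing address only sets {@code cantHandleMsg} and the loop continues.
     *
     * @return {@code false} if the target transport is not SSL or advertises no addresses;
     *         otherwise whether {@code addressTransportMechMap} is non-empty
     */
    private boolean extractSSLTransportForEachAddress(TSSCompoundSecMechConfig tSSCompoundSecMechConfig) {
        TSSTransportMechConfig tssTransport = tSSCompoundSecMechConfig.getTransport_mech();
        if (!(tssTransport instanceof TSSSSLTransportConfig)) {
            return false;
        }
        TransportAddress[] transportAddresses = ((TSSSSLTransportConfig) tssTransport).getTransportAddresses();
        if (transportAddresses.length == 0) {
            return false;
        }
        for (TransportAddress transportAddress : transportAddresses) {
            // NOTE(review): the CSIIOP port is an IDL unsigned short carried in a Java short,
            // so ports above 32767 are negative here and in the trace below. Confirm that
            // getSSLAlias() normalizes the value before matching it against configured ports.
            short port = transportAddress.port;
            String host = transportAddress.host_name;
            short baseSupports = this.supports;
            short baseRequires = this.requires;
            try {
                // The host name is supplied by the target and is canonicalized through DNS,
                // so the alias chosen below depends on DNS answers.
                // NOTE(review): confirm the selected SSL configuration still verifies the
                // server certificate against the intended host.
                host = InetAddress.getByName(host).getCanonicalHostName();
            } catch (UnknownHostException e) {
                // Resolution failure is reported through FFDC; the advertised name is used as-is.
                FFDCFilter.processException(e, "com.ibm.ws.transport.iiop.security.config.css.CSSCompoundSecMechConfig", "166", this, new Object[]{tSSCompoundSecMechConfig});
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "get sslConfig for target " + host + ":" + ((int) port), new Object[0]);
            }
            SSLConfig sslConfig = SecurityServices.getSSLConfig();
            try {
                String sslAlias = sslConfig.getSSLAlias(host, port);
                OptionsKey associationOptions = sslConfig.getAssociationOptions(sslAlias);
                CSSSSLTransportConfig sslTransport = new CSSSSLTransportConfig();
                if (associationOptions != null) {
                    sslTransport.setSupports(associationOptions.supports);
                    sslTransport.setRequires(associationOptions.requires);
                }
                // Same ordered checks as canHandle(), with this address's SSL options merged in.
                if ((((short) (baseSupports | sslTransport.getSupports())) & tSSCompoundSecMechConfig.getRequires()) != tSSCompoundSecMechConfig.getRequires()) {
                    buildSupportsFailedMsg(tSSCompoundSecMechConfig);
                } else {
                    short effectiveRequires = (short) (baseRequires | sslTransport.getRequires());
                    if ((effectiveRequires & tSSCompoundSecMechConfig.getSupports()) != effectiveRequires) {
                        buildRequiresFailedMsg(tSSCompoundSecMechConfig);
                    } else if (!sslTransport.canHandle(tSSCompoundSecMechConfig.getTransport_mech(), this.as_mech.getMechanism())) {
                        this.cantHandleMsg = sslTransport.getCantHandleMsg();
                    } else if (!this.as_mech.canHandle(tSSCompoundSecMechConfig.getAs_mech())) {
                        buildAsFailedMsg(tSSCompoundSecMechConfig);
                    } else if (!this.sas_mech.canHandle(tSSCompoundSecMechConfig.getSas_mech(), this.as_mech.getMechanism())) {
                        this.cantHandleMsg = this.sas_mech.getCantHandleMsg();
                    } else if (sslAlias != null) {
                        // A compatible address without an alias is silently not recorded.
                        sslTransport.setSslConfigName(sslAlias);
                        this.addressTransportMechMap.put(new ServerTransportAddress(transportAddress), sslTransport);
                    }
                }
            } catch (SSLException e2) {
                // SSL configuration lookup failed: report through FFDC and skip this address.
                FFDCFilter.processException(e2, "com.ibm.ws.transport.iiop.security.config.css.CSSCompoundSecMechConfig", "217", this, new Object[]{tSSCompoundSecMechConfig});
            }
        }
        // NOTE(review): the map is never cleared in this class, so an entry recorded by an
        // earlier call also makes this return true even if every address failed this time.
        // Confirm that accumulating across calls is intended.
        return !this.addressTransportMechMap.isEmpty();
    }

    /**
     * Records why the "client supports what the target requires" check failed. Uses the
     * no-authentication message variant when the client mechanism is {@code DISABLED}.
     */
    private void buildSupportsFailedMsg(TSSCompoundSecMechConfig tSSCompoundSecMechConfig) {
        if (this.as_mech.getMechanism().equalsIgnoreCase("DISABLED")) {
            this.cantHandleMsg = TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "CSIv2_CLIENT_COMPATIBLE_ALL_LAYERS_SUPPORTS_NO_AUTH_FAILED", new Object[]{ConfigUtil.flags(this.supports), ConfigUtil.flags(tSSCompoundSecMechConfig.getRequires())}, "CWWKS9552E: The client security policy has the transport and attribute layers configured with <{0}> as Supported in the server.xml file and the server security policy is configured with <{1}> as Required.");
        } else {
            this.cantHandleMsg = TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "CSIv2_CLIENT_COMPATIBLE_ALL_LAYERS_SUPPORTS_FAILED", new Object[]{this.as_mech.getMechanism(), ConfigUtil.flags(this.supports), ConfigUtil.flags(tSSCompoundSecMechConfig.getRequires())}, "CWWKS9551E: The client security policy has the transport, authentication and attribute layers configured for <{0}> with <{1}> as Supported in the server.xml file and the server security policy is configured with <{2}> as Required.");
        }
    }

    /**
     * Records why the "target supports what the client requires" check failed. Uses the
     * no-authentication message variant when the client mechanism is {@code DISABLED}.
     * The message reports the compound masks of this object, not any per-address merge.
     */
    private void buildRequiresFailedMsg(TSSCompoundSecMechConfig tSSCompoundSecMechConfig) {
        if (this.as_mech.getMechanism().equalsIgnoreCase("DISABLED")) {
            this.cantHandleMsg = TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "CSIv2_CLIENT_COMPATIBLE_ALL_LAYERS_REQUIRES_NO_AUTH_FAILED", new Object[]{ConfigUtil.flags(this.requires), ConfigUtil.flags(tSSCompoundSecMechConfig.getSupports())}, "CWWKS9554E: The client security policy has the transport and attribute layers configured with <{0}> as Required in the server.xml file and the server security policy is configured with <{1}> as Supported.");
        } else {
            this.cantHandleMsg = TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "CSIv2_CLIENT_COMPATIBLE_ALL_LAYERS_REQUIRES_FAILED", new Object[]{this.as_mech.getMechanism(), ConfigUtil.flags(this.requires), ConfigUtil.flags(tSSCompoundSecMechConfig.getSupports())}, "CWWKS9553E: The client security policy has the transport, authentication and attribute layers configured for <{0}> with <{1}> as Required in the server.xml file and the server security policy is configured with <{2}> as Supported.");
        }
    }

    /**
     * Records why the authentication layers are incompatible, distinguishing a disabled
     * client layer, a disabled target layer, and two different mechanisms.
     */
    private void buildAsFailedMsg(TSSCompoundSecMechConfig tSSCompoundSecMechConfig) {
        String clientMechanism = this.as_mech.getMechanism();
        String targetMechanism = tSSCompoundSecMechConfig.getAs_mech().getMechanism();
        if (clientMechanism.equalsIgnoreCase("DISABLED")) {
            // The key spelling ("AUTTH") is a lookup key; do not correct it here without
            // checking the message bundle.
            this.cantHandleMsg = TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "CSIv2_CLIENT_COMPATIBLE_AUTTH_CLIENT_DISABLED_FAILED", new Object[]{targetMechanism}, "CWWKS9566E: The client security policy authentication layer is disabled in the server.xml file and the server security policy authentication layer is configured with mechanism {0}.");
        } else if (targetMechanism.equalsIgnoreCase("DISABLED")) {
            this.cantHandleMsg = TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "CSIv2_CLIENT_COMPATIBLE_AUTH_SERVER_DISABLED_FAILED", new Object[]{clientMechanism}, "CWWKS9567E: The client security policy has the authentication layer configured with mechanism {0} in the server.xml file and the server security policy authentication layer is disabled.");
        } else {
            this.cantHandleMsg = TraceNLS.getFormattedMessage(getClass(), TraceConstants.MESSAGE_BUNDLE, "CSIv2_CLIENT_COMPATIBLE_AUTH_MECHANISMS_FAILED", new Object[]{clientMechanism, targetMechanism}, "CWWKS9565E: The client security policy has the authentication layer configured with mechanism {0} in the server.xml file and the server security policy configured with mechanism {1}.");
        }
    }

    /**
     * Returns the message recorded by the most recent failing check, or {@code null} if
     * none has failed. Only meaningful directly after {@link #canHandle} returned
     * {@code false}, because a successful call does not clear it.
     */
    @Trivial
    public String getCantHandleMsg() {
        return this.cantHandleMsg;
    }

    /**
     * Builds the SAS service context carrying an {@code EstablishContext} message for a
     * request to the given target.
     *
     * @param codec codec used to encode the tokens and the context body
     * @param tSSCompoundSecMechConfig the target's compound mechanism configuration
     * @param clientRequestInfo the outgoing request, passed to the authentication layer
     * @return the service context, or {@code null} when the authentication layer is the
     *         null mechanism and the attribute layer reports that no identity token is
     *         asserted, i.e. no security context is sent at all
     * @throws UserException if encoding fails
     */
    public ServiceContext generateServiceContext(Codec codec, TSSCompoundSecMechConfig tSSCompoundSecMechConfig, ClientRequestInfo clientRequestInfo) throws UserException {
        if ((this.as_mech instanceof CSSNULLASMechConfig) && this.sas_mech.isAssertingITTAbsent(tSSCompoundSecMechConfig.getSas_mech())) {
            return null;
        }
        EstablishContext establishContext = new EstablishContext();
        // Context id 0: presumably the CSIv2 stateless form, so nothing is reused across requests.
        establishContext.client_context_id = 0L;
        establishContext.client_authentication_token = this.as_mech.encode(tSSCompoundSecMechConfig.getAs_mech(), this.sas_mech, clientRequestInfo, codec);
        establishContext.authorization_token = this.sas_mech.encodeAuthorizationElement();
        establishContext.identity_token = this.sas_mech.encodeIdentityToken(tSSCompoundSecMechConfig.getSas_mech(), codec);
        ServiceContext serviceContext = new ServiceContext();
        SASContextBody sASContextBody = new SASContextBody();
        sASContextBody.establish_msg(establishContext);
        // The no-argument ORB.init() is used here only to create the Any.
        Any create_any = ORB.init().create_any();
        SASContextBodyHelper.insert(create_any, sASContextBody);
        serviceContext.context_data = codec.encode_value(create_any);
        // 15 is the IOP SecurityAttributeService service-context id.
        serviceContext.context_id = 15;
        return serviceContext;
    }

    /**
     * Returns a multi-line description of the masks and of each configured layer.
     * What the layers print is decided by their own {@code toString} methods.
     */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        toString("", sb);
        return sb.toString();
    }

    /**
     * Appends the description to {@code sb}, indenting nested layers by two spaces more
     * than {@code str}. Layers that are not set are skipped.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @Trivial
    public void toString(String str, StringBuilder sb) {
        String str2 = str + "  ";
        sb.append(str).append("CSSCompoundSecMechConfig: [\n");
        sb.append(str2).append("SUPPORTS: ").append(ConfigUtil.flags(this.supports)).append("\n");
        sb.append(str2).append("REQUIRES: ").append(ConfigUtil.flags(this.requires)).append("\n");
        if (this.transport_mech != null) {
            this.transport_mech.toString(str2, sb);
        }
        if (this.as_mech != null) {
            this.as_mech.toString(str2, sb);
        }
        if (this.sas_mech != null) {
            this.sas_mech.toString(str2, sb);
        }
        sb.append(str).append("]\n");
    }

    /**
     * Returns the live, mutable per-address transport map (not a copy). Changes made by
     * the caller alter what {@link #getSSLCfgForTransportAddress} returns.
     */
    public Map<ServerTransportAddress, CSSTransportMechConfig> getTransportMechMap() {
        return this.addressTransportMechMap;
    }

    /**
     * Returns the SSL configuration name to use for the given target address: the
     * per-address entry when any were recorded, otherwise the client transport's own.
     *
     * <p>When entries exist but none matches {@code transportAddress}, the lookup yields
     * {@code null} and this method throws {@link NullPointerException}. That fails closed:
     * an address that did not pass the compatibility checks never falls back to the
     * default SSL configuration. NOTE(review): confirm callers only pass addresses that
     * were accepted, or handle the exception.
     */
    public String getSSLCfgForTransportAddress(TransportAddress transportAddress) {
        return this.addressTransportMechMap.isEmpty() ? this.transport_mech.getSslConfigName() : this.addressTransportMechMap.get(new ServerTransportAddress(transportAddress)).getSslConfigName();
    }
}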
