package com.ibm.ws.transport.iiop.security;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.UnauthenticatedSubjectService;
import com.ibm.ws.security.csiv2.config.CompatibleMechanisms;
import com.ibm.ws.security.csiv2.util.LocationUtils;
import com.ibm.ws.security.csiv2.util.SecurityServices;
import com.ibm.ws.transport.iiop.security.config.css.CSSConfig;
import com.ibm.ws.transport.iiop.security.config.tss.TSSCompoundSecMechListConfig;
import com.ibm.ws.transport.iiop.security.util.Util;
import java.util.LinkedList;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.LocalObject;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.IOP.Codec;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ClientRequestInfo;
import org.omg.PortableInterceptor.ClientRequestInterceptor;

/**
 * Client-side portable interceptor that attaches a security service context to outbound
 * IIOP requests.
 *
 * <p>Only {@link #send_request} does any work. It decodes the security mechanism list
 * advertised by the target, matches it against the client policy attached to the request,
 * and adds the service context produced by the first compatible mechanism. The other
 * interception points are empty.
 *
 * <p>NOTE(review): this listing is decompiler output (see the "loaded from" marker below).
 * Local names such as {@code z} and {@code e2} are synthetic, and the try/catch layout in
 * {@code send_request} is not valid Java as printed. Check the original source or the
 * bytecode before relying on the exact control flow shown here.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/transport/iiop/security/ClientSecurityInterceptor.class */
final class ClientSecurityInterceptor extends LocalObject implements ClientRequestInterceptor {
    // Trace component registered for this class; used for every Tr.debug / Tr.error call below.
    private static final TraceComponent tc = Tr.register(ClientSecurityInterceptor.class);
    private static final long serialVersionUID = 1;
    // Codec handed to decodeIOR(...) and generateServiceContext(...) in send_request.
    private final Codec codec;

    /**
     * Creates the interceptor.
     *
     * @param codec codec used to decode the target's mechanism list and to encode the
     *              outgoing service context; stored as-is, no null check is performed
     */
    public ClientSecurityInterceptor(Codec codec) {
        this.codec = codec;
    }

    /** No-op: replies that raise an exception are not inspected by this interceptor. */
    public void receive_exception(ClientRequestInfo clientRequestInfo) {
    }

    /** No-op interception point. */
    public void receive_other(ClientRequestInfo clientRequestInfo) {
    }

    /** No-op: normal replies are not inspected by this interceptor. */
    public void receive_reply(ClientRequestInfo clientRequestInfo) {
    }

    /** No-op interception point. */
    public void send_poll(ClientRequestInfo clientRequestInfo) {
    }

    /**
     * Picks a security mechanism compatible with the target and adds the resulting service
     * context to the outbound request.
     *
     * <p>Steps, in the order listed:
     * <ol>
     *   <li>decode the target's tagged component 33 into a
     *       {@code TSSCompoundSecMechListConfig};</li>
     *   <li>on a server, install the unauthenticated subject if no subject is set;</li>
     *   <li>read the {@code ClientPolicy} from the request and its {@code CSSConfig};</li>
     *   <li>ask the client config for the mechanisms compatible with the target's list;</li>
     *   <li>let the first compatible entry generate a {@code ServiceContext} and add it to
     *       the request, replacing any existing context with the same id.</li>
     * </ol>
     *
     * <p>Every early exit below (null policy, null config, empty compatible list, null
     * generated context) returns normally without adding a service context. Nothing in
     * this method vetoes the request in those cases, so rejecting a call that arrives
     * without a security context is left to the target side.
     *
     * <p>NOTE(review): as printed, the {@code try} encloses only the first trace call and
     * is itself inside {@code if (z)}, while the handler texts ("unexpected exception while
     * attempting to send an outbound CSIv2 request", "No security service context found")
     * describe failures of the calls that follow it. In addition,
     * {@code catch (BAD_PARAM)} placed after {@code catch (Exception)} is rejected by javac
     * as already caught. Both look like decompiler artifacts. The original handler scope is
     * presumably the whole method body, with BAD_PARAM handled first; confirm against the
     * original. If that is the real scope, any exception other than NO_PERMISSION is
     * logged and swallowed, and the request goes out without a security context.
     *
     * @param clientRequestInfo the outbound request being intercepted
     */
    @FFDCIgnore({BAD_PARAM.class})
    public void send_request(ClientRequestInfo clientRequestInfo) {
        int request_id = clientRequestInfo.request_id();
        // z caches "debug trace is enabled" once for the whole call.
        boolean z = TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();
        if (z) {
            try {
                Tr.debug(tc, "Checking if target " + clientRequestInfo.operation() + " has a security policy for request id: " + request_id + ".", new Object[0]);
            } catch (Exception e) {
                // Records the failure through FFDC, logs CWWKS9542E through buildPolicyErrorMessage,
                // then rethrows only NO_PERMISSION; any other exception ends the method quietly.
                FFDCFilter.processException(e, "com.ibm.ws.transport.iiop.security.ClientSecurityInterceptor", "172", this, new Object[]{clientRequestInfo});
                buildPolicyErrorMessage("CSIv2_CLIENT_UNEXPECTED_EXCEPTION_ERROR", "CWWKS9542E: There was an unexpected exception while attempting to send an outbound CSIv2 request for request id {0}. The exception message is {1}", Integer.valueOf(request_id), e.getMessage());
                if (z) {
                    Tr.debug(tc, "There was an unexpected exception while attempting to send an outbound CSIv2 request", new Object[]{e});
                }
                if (e instanceof NO_PERMISSION) {
                    throw e;
                }
                return;
            } catch (BAD_PARAM e2) {
                // Unreachable as printed (BAD_PARAM is already covered by the handler above).
                // The message suggests it was written for get_effective_component(...) finding
                // no security component on the target. It is excluded from FFDC by the
                // @FFDCIgnore on this method.
                if (z) {
                    Tr.debug(tc, "No security service context found for request id: " + request_id + ".", new Object[0]);
                    return;
                }
                return;
            }
        }
        // 33 is presumably the inlined value of the CSIv2 TAG_CSI_SEC_MECH_LIST component tag;
        // the symbolic constant is not visible in this listing.
        TSSCompoundSecMechListConfig decodeIOR = TSSCompoundSecMechListConfig.decodeIOR(this.codec, clientRequestInfo.get_effective_component(33));
        if (z) {
            Tr.debug(tc, "Target has a security policy  for request id: " + request_id + ".", new Object[0]);
        }
        setUnauthenticatedSubjectIfNeeded();
        ClientPolicy clientPolicy = (ClientPolicy) clientRequestInfo.get_request_policy(ClientPolicyFactory.POLICY_TYPE);
        if (clientPolicy == null) {
            // Logged as an error, but the request is not aborted: no service context is added.
            buildPolicyErrorMessage("CSIv2_CLIENT_POLICY_NULL_ERROR", "CWWKS9538E: The client security policy is null for request id: {0}.", Integer.valueOf(request_id));
            return;
        }
        CSSConfig config = clientPolicy.getConfig();
        if (config == null) {
            // Visible only in debug trace; with tracing off this exit is silent.
            if (z) {
                Tr.debug(tc, "There is no client configuration found in the client security policy for request id: " + request_id + ".", new Object[0]);
                return;
            }
            return;
        }
        if (z) {
            Tr.debug(tc, "Client has a security policy for request id: " + request_id + ".", new Object[0]);
        }
        LinkedList<CompatibleMechanisms> findCompatibleList = config.findCompatibleList(decodeIOR);
        if (findCompatibleList.isEmpty()) {
            // No client mechanism satisfies the target's list. This is reported only in debug
            // trace, so a client/server policy mismatch is silent when tracing is off.
            if (z) {
                Tr.debug(tc, "Ensure that there is a client security policy specified in the configuration file that satisfies the server security policy request id: " + request_id + ".", new Object[0]);
                return;
            }
            return;
        }
        // Only the first compatible pairing is used; later entries are never tried.
        CompatibleMechanisms next = findCompatibleList.iterator().next();
        ServiceContext generateServiceContext = next.getCSSCompoundSecMechConfig().generateServiceContext(this.codec, next.getTSSCompoundSecMechConfig(), clientRequestInfo);
        if (generateServiceContext != null) {
            if (z) {
                Tr.debug(tc, "Msg context id: " + generateServiceContext.context_id + " for request id: " + request_id + ".", new Object[0]);
                // NOTE(review): this writes the complete encoded service context to debug trace
                // as hex. A CSIv2 security context can carry client authentication material, so
                // trace captured from this component should be handled as sensitive data.
                // Consider logging only context_data.length here.
                Tr.debug(tc, "Encoded msg: 0x" + Util.byteToString(generateServiceContext.context_data) + " for request id: " + request_id + ".", new Object[0]);
            }
            // Second argument is the interceptor API's "replace" flag: an existing context with
            // the same id is overwritten instead of raising an error.
            clientRequestInfo.add_request_service_context(generateServiceContext, true);
        } else if (z) {
            Tr.debug(tc, "No security service context found for request id " + request_id + ".", new Object[0]);
        }
    }

    /**
     * On a server process, makes the unauthenticated subject the invocation subject when
     * neither an invocation subject nor a caller subject is currently set.
     *
     * <p>Does nothing when {@code LocationUtils.isServer()} is false, when either subject
     * is already present, or when no {@code UnauthenticatedSubjectService} is available.
     */
    private void setUnauthenticatedSubjectIfNeeded() {
        UnauthenticatedSubjectService unauthenticatedSubjectService;
        if (LocationUtils.isServer()) {
            com.ibm.ws.security.context.SubjectManager subjectManager = new com.ibm.ws.security.context.SubjectManager();
            // The service lookup is the last operand of the && chain, so it runs only when
            // both subjects are absent.
            if (subjectManager.getInvocationSubject() == null && subjectManager.getCallerSubject() == null && (unauthenticatedSubjectService = SecurityServices.getUnauthenticatedSubjectService()) != null) {
                subjectManager.setInvocationSubject(unauthenticatedSubjectService.getUnauthenticatedSubject());
            }
        }
    }

    /**
     * Logs the message identified by key {@code str}, formatted with {@code objArr}, through
     * {@code Tr.error}. Despite the name, nothing is built or returned.
     *
     * <p>NOTE(review): the {@code Tr.error} call is guarded by {@code tc.isWarningEnabled()},
     * so the error is dropped when warning-level tracing is off; confirm that is intended.
     *
     * @param str    message key passed to {@code Tr.formatMessage}
     * @param str2   never read in this listing; callers pass what looks like the default
     *               English text for the key
     * @param objArr substitution values for the message
     */
    private void buildPolicyErrorMessage(String str, String str2, Object... objArr) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isWarningEnabled()) {
            Tr.error(tc, Tr.formatMessage(tc, str, objArr), new Object[0]);
        }
    }

    /** No-op: this interceptor holds nothing that needs releasing. */
    public void destroy() {
    }

    /**
     * Returns the fixed interceptor name.
     *
     * <p>The string names an {@code org.apache.geronimo} package rather than this class's
     * own package.
     *
     * @return the constant interceptor name
     */
    public String name() {
        return "org.apache.geronimo.corba.security.ClientSecurityInterceptor";
    }
}
