package com.ibm.ISecurityLocalObjectBaseL13Impl;

import com.ibm.CORBA.channel.giop.GIOPConnectionContext;
import com.ibm.CORBA.iiop.IOR;
import com.ibm.CORBA.iiop.ORB;
import com.ibm.CORBA.iiop.Profile;
import com.ibm.CSIv2Security.CSIv2RequirementsNotSatisfied;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2TaggedComponent;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2TaggedComponentHolder;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.ServerConnectionKey;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ISecurityUtilityImpl.SecurityMinorCodes;
import com.ibm.ISecurityUtilityImpl.ServiceInit;
import com.ibm.ISecurityUtilityImpl.VaultConstants;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.channel.framework.ChainData;
import com.ibm.ws.channel.framework.impl.WSVirtualConnectionFactoryImpl;
import com.ibm.ws.connmgmt.ConnectionHandle;
import com.ibm.ws.management.cmdframework.impl.CommandSecurityUtil;
import com.ibm.ws.naming.util.C;
import com.ibm.ws.orb.transport.ConnectionData;
import com.ibm.ws.orb.transport.ConnectionDataCarrier;
import com.ibm.ws.orb.transport.ConnectionInformation;
import com.ibm.ws.orb.transport.DefaultConnectionInterceptor;
import com.ibm.ws.orb.transport.IIOPEndpointProfile;
import com.ibm.ws.orb.transport.ServerConnectionData;
import com.ibm.ws.orbimpl.transport.ConnectionInformationImpl;
import com.ibm.ws.orbimpl.transport.DefaultServerConnectionDataImpl;
import com.ibm.ws.security.config.CSIv2Config;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityConfigResource;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.orbssl.ExtendedSSLConnectionData;
import com.ibm.ws.security.orbssl.SSLConnectionData;
import com.ibm.ws.security.orbssl.SSLServerConnectionData;
import com.ibm.ws.security.orbssl.SSLServerConnectionDataImpl;
import com.ibm.ws.security.orbssl.ServerConnectionDataImpl;
import com.ibm.ws.security.util.MultiDomainHelper;
import com.ibm.ws.sm.workspace.impl.WorkSpaceConstant;
import com.ibm.ws.ssl.core.Constants;
import com.ibm.ws.util.PlatformHelperFactory;
import com.ibm.ws390.utility.JAVAtoCPPUtilities;
import com.ibm.wsspi.channel.framework.ChainEventListener;
import com.ibm.wsspi.channel.framework.ChannelFramework;
import com.ibm.wsspi.channel.framework.VirtualConnection;
import com.ibm.wsspi.tcp.channel.SSLConnectionContext;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Scanner;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.INITIALIZE;
import org.omg.CORBA.INTERNAL;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.Object;
import org.omg.CSIIOP.TLS_SEC_TRANSHolder;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ISecurityLocalObjectBaseL13Impl/SecurityConnectionInterceptor.class */
public class SecurityConnectionInterceptor extends DefaultConnectionInterceptor implements ChainEventListener {
    private VaultImpl vault = null;
    private ORB orb = null;
    private ChannelFramework cfw = null;
    private SSLServerConnectionData csiServerSSLConnData = null;
    private SSLServerConnectionData csiClientCertServerSSLConnData = null;
    private ServerConnectionData serverTCPConnData = null;
    private DefaultConnectionInterceptor defaultConnInt = null;
    private static boolean prefer_iiop_to_local;
    private static boolean isThinClient;
    private static Set<String> unprotectedRegistryMethods;
    public static Hashtable classNames = new Hashtable();
    private static final TraceComponent tc = Tr.register((Class<?>) SecurityConnectionInterceptor.class, "SASRas", "com.ibm.ISecurityL13SupportImpl.sec");
    private static boolean disableLocalCommWhenSSLrequired = false;

    @Override // com.ibm.ws.orb.transport.ConnectionInterceptor
    public void init(ORB orb) {
        init(orb, SecurityObjectLocator.getCSIv2Config(), SecurityObjectLocator.getSecurityConfig());
    }

    void init(ORB orb, CSIv2Config cSIv2Config, SecurityConfig securityConfig) {
        String property;
        if (orb == null) {
            throw new INTERNAL("ORB is NULL passed into Security!!!");
        }
        this.orb = orb;
        this.defaultConnInt = new DefaultConnectionInterceptor();
        this.defaultConnInt.init(this.orb);
        if (cSIv2Config.getBoolean("com.ibm.CORBA.securityEnabled")) {
            Tr.audit(tc, "security.LoadSCI");
            if (!ServiceInit.isInitialized()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Initializing ServiceInit in SCI.");
                }
                ServiceInit.getInstance().initialize(orb);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Initializing SecurityConnectionInterceptor.");
            }
            this.vault = getVault();
            if (this.vault != null) {
                SecurityObjectLocator.getCSIv2Config();
                this.vault.setSecurityConnectionInterceptor(this);
                this.vault.setORB(this.orb);
            } else {
                Tr.error(tc, "security.JSAS0010E");
            }
        }
        unprotectedRegistryMethods = new HashSet();
        if (securityConfig != null && (property = securityConfig.getProperty("com.ibm.ws.security.unprotectedUserRegistryMethods")) != null) {
            Scanner useDelimiter = new Scanner(property).useDelimiter("\\s|[,;|]");
            while (useDelimiter.hasNext()) {
                unprotectedRegistryMethods.add(useDelimiter.next());
            }
        }
        if (securityConfig != null) {
            disableLocalCommWhenSSLrequired = securityConfig.getPropertyBool(SecurityConfig.DISABLE_LOCAL_COMM_WHEN_SSL_REQUIRED, false);
        } else {
            disableLocalCommWhenSSLrequired = "true".equals(System.getProperty(SecurityConfig.DISABLE_LOCAL_COMM_WHEN_SSL_REQUIRED));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "com.ibm.ws.security.zOS.disableLocalCommWhenSSLRequired=" + disableLocalCommWhenSSLrequired);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "unprotectedRegistryMethods = " + unprotectedRegistryMethods);
        }
    }

    @Override // com.ibm.ws.orb.transport.ConnectionInterceptor
    public void notifyChainInitializationComplete(ChannelFramework channelFramework, ORB orb, List list, List list2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "notifyChainInitializationComplete", new Object[]{list, list2});
        }
        this.cfw = channelFramework;
        if (!PlatformHelperFactory.getPlatformHelper().isZOS() || PlatformHelperFactory.getPlatformHelper().isControlJvm() || PlatformHelperFactory.getPlatformHelper().isClientJvm()) {
            int i = 0;
            while (list != null) {
                try {
                    if (i >= list.size()) {
                        break;
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Adding init complete listener for secure chain: " + ((String) list.get(i)));
                    }
                    channelFramework.addChainEventListener(this, (String) list.get(i));
                    i++;
                } catch (Exception e) {
                    Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnectionInterceptor.notifyChainInitializationComplete", "421", this);
                    Tr.debug(tc, e.toString());
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "notifyChainInitializationComplete");
        }
    }

    @Override // com.ibm.wsspi.channel.framework.ChainEventListener
    public void chainInitialized(ChainData chainData) {
    }

    @Override // com.ibm.wsspi.channel.framework.ChainEventListener
    public void chainStarted(ChainData chainData) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "chainStarted", new Object[]{chainData});
        }
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Getting listening port for chain data" + chainData.getName());
            }
            this.orb.setProperty(CSIv2Config.SSL_PORT, Integer.toString(this.cfw.getListeningPort(chainData.getName())));
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnectionInterceptor.chainStarted", "451", this);
            Tr.debug(tc, e.toString());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "chainStarted");
        }
    }

    @Override // com.ibm.wsspi.channel.framework.ChainEventListener
    public void chainStopped(ChainData chainData) {
    }

    @Override // com.ibm.wsspi.channel.framework.ChainEventListener
    public void chainDestroyed(ChainData chainData) {
    }

    @Override // com.ibm.wsspi.channel.framework.ChainEventListener
    public void chainUpdated(ChainData chainData) {
    }

    protected short formCoalescedQOP(short s, short s2) {
        if (tc.isDebugEnabled()) {
            Tr.entry(tc, "formCoalescedQOP, THIS IS CALLED");
        }
        return s2;
    }

    protected short formCSIv2CoalescedQOP(short s, short s2, CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy) {
        Short sh = new Short(s);
        Short sh2 = new Short(s2);
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "formCSIv2CoalescedQOP", new Object[]{sh, sh2});
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " Input to formCSIv2CoalescedQOP: targetSupports: " + ((int) s) + ", targetRequires: " + ((int) s2));
        }
        short s3 = 0;
        if (cSIv2EffectivePerformPolicy != null) {
            if (cSIv2EffectivePerformPolicy.performTLClientAuth()) {
                s3 = (short) (0 + 64);
            }
            if (cSIv2EffectivePerformPolicy.performTLServerAuth()) {
                s3 = (short) (s3 + 32);
            }
            if (cSIv2EffectivePerformPolicy.performMsgIntegrity()) {
                s3 = (short) (s3 + 2);
            }
            if (cSIv2EffectivePerformPolicy.performMsgConfidentiality()) {
                s3 = (short) (s3 + 4);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " Output from formCSIv2CoalescedQOP: targetSupports: " + ((int) s) + " targetRequires: " + ((int) s2) + " coalescedQOP: " + ((int) s3));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "formCSIv2CoalescedQOP", new Short(s3));
        }
        return s3;
    }

    protected String formConnectionKey(String str, int i, String str2, short s) {
        Integer num = new Integer(i);
        Short sh = new Short(s);
        if (str2 == null) {
            str2 = " ";
        }
        return str2.equals(VaultConstants.SSL_MECH_TYPE) ? str + ":" + num.toString() + ":IIOPSSL:" + sh.toString() : str2.equals(VaultConstants.DCE_MECH_TYPE) ? str + ":" + num.toString() + ":IIOPDCE" : str + ":" + num.toString();
    }

    @Override // com.ibm.ws.orb.transport.ConnectionInterceptor
    public Object getServerConnectionData(GIOPConnectionContext gIOPConnectionContext) {
        Map stateMap;
        String remoteHost;
        int remotePort;
        int localPort;
        VirtualConnection virtualConnection = gIOPConnectionContext.getVirtualConnection();
        ConnectionInformation connectionInformation = null;
        if (virtualConnection != null && (stateMap = virtualConnection.getStateMap()) != null) {
            connectionInformation = (ConnectionInformation) stateMap.get("CSIv2ConnectionInfo");
            if (connectionInformation == null) {
                DefaultServerConnectionDataImpl defaultServerConnectionDataImpl = new DefaultServerConnectionDataImpl();
                ConnectionHandle connectionHandle = ConnectionHandle.getConnectionHandle(virtualConnection);
                if (connectionHandle == null || !connectionHandle.getIsLocalComm()) {
                    remoteHost = gIOPConnectionContext.getRemoteHost();
                    remotePort = gIOPConnectionContext.getRemotePort();
                    localPort = gIOPConnectionContext.getLocalPort();
                } else {
                    remoteHost = connectionHandle.toString();
                    remotePort = -1;
                    localPort = -1;
                    defaultServerConnectionDataImpl.setConnectionType(4L);
                }
                defaultServerConnectionDataImpl.setRemoteHost(remoteHost);
                defaultServerConnectionDataImpl.setRemotePort(remotePort);
                defaultServerConnectionDataImpl.setLocalHost(gIOPConnectionContext.getLocalHost());
                defaultServerConnectionDataImpl.setLocalPort(localPort);
                defaultServerConnectionDataImpl.setConnectionHandle(connectionHandle);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Filter receive request GCC Information: \nConnectionHandle: " + (connectionHandle == null ? "null" : connectionHandle.toString()) + "\nisLocalComm: " + (connectionHandle != null ? connectionHandle.getIsLocalComm() : false) + "\nlocal host: " + defaultServerConnectionDataImpl.getLocalHost() + "\nlocal port: " + defaultServerConnectionDataImpl.getLocalPort() + "\nremote host: " + defaultServerConnectionDataImpl.getRemoteHost() + "\nremote port: " + defaultServerConnectionDataImpl.getRemotePort());
                }
                SSLSession sSLSession = null;
                SSLConnectionContext sSLContext = gIOPConnectionContext.getSSLContext();
                if (sSLContext != null) {
                    sSLSession = sSLContext.getSession();
                }
                X509Certificate[] x509CertificateArr = null;
                if (sSLSession != null) {
                    try {
                        x509CertificateArr = (X509Certificate[]) sSLSession.getPeerCertificates();
                    } catch (SSLPeerUnverifiedException e) {
                    }
                }
                connectionInformation = new ConnectionInformationImpl(defaultServerConnectionDataImpl, x509CertificateArr, System.currentTimeMillis(), remoteHost, remotePort);
                stateMap.put("CSIv2ConnectionInfo", connectionInformation);
            }
        }
        if (tc.isDebugEnabled()) {
            if (connectionInformation != null) {
                Tr.debug(tc, "ConnectionInformation: " + connectionInformation.toString());
            } else {
                Tr.debug(tc, "ConnectionInformation is NULL.");
            }
        }
        return connectionInformation;
    }

    @Override // com.ibm.ws.orb.transport.ConnectionInterceptor
    public byte[] getClientConnectionInfo(Object obj) {
        byte[] bArr = null;
        try {
            ConnectionInformation connectionInformation = (ConnectionInformation) obj;
            if (connectionInformation != null) {
                ConnectionData connectionData = (ConnectionData) connectionInformation.getConnectionData();
                if (connectionData != null && (connectionData instanceof ExtendedSSLConnectionData)) {
                    bArr = ((ExtendedSSLConnectionData) connectionData).getBytes();
                } else if (connectionData != null) {
                    bArr = connectionData.getConnectionKey().getBytes();
                }
            }
            return bArr;
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnectionInterceptor.getClentConnectionInfo", "713", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting serialized connection data bytes." + e.getMessage(), new Object[]{e});
            }
            throw new INTERNAL("Could not flatten client connection data to bytes");
        }
    }

    @Override // com.ibm.ws.orb.transport.ConnectionInterceptor
    public Object getClientConnectionInfo(byte[] bArr) {
        try {
            return new ConnectionInformationImpl(bArr != null ? new ExtendedSSLConnectionData(bArr) : new ExtendedSSLConnectionData(null, 0L, (short) 0, 0, null), null, 0L, null, 0);
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnectionInterceptor.getClientConnectionInfo(bytes)", "763", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception de-serializing connection data bytes." + e.getMessage(), new Object[]{e});
            }
            throw new INTERNAL("Could not initialize client connection data");
        }
    }

    protected IIOPEndpointProfile getLocalCommEndpointProfile(IOR ior, ConnectionDataCarrier connectionDataCarrier) {
        boolean z;
        IIOPEndpointProfile iIOPEndpointProfile = null;
        ConnectionData connectionData = connectionDataCarrier.getConnectionData();
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        byte[] taggedComponent = ior.getProfile().getTaggedComponent(1229081869);
        if (taggedComponent != null && taggedComponent.length > 0) {
            CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy = null;
            boolean z2 = true;
            boolean z3 = false;
            boolean z4 = cSIv2Config.getBoolean("com.ibm.CORBA.securityEnabled");
            if (connectionData != null && (connectionData instanceof ExtendedSSLConnectionData)) {
                cSIv2EffectivePerformPolicy = ((ExtendedSSLConnectionData) connectionData).getEffectivePolicy();
                z2 = cSIv2EffectivePerformPolicy == null || !cSIv2EffectivePerformPolicy.performTLClientAuth();
            }
            if (cSIv2EffectivePerformPolicy != null) {
                z3 = cSIv2EffectivePerformPolicy.performSSLTLSrequired();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Got sslRequired=" + z3);
                }
            }
            if (disableLocalCommWhenSSLrequired && z3) {
                z2 = false;
            }
            String activeUserRegistry = connectionDataCarrier.getActiveUserRegistry();
            boolean z5 = activeUserRegistry != null && activeUserRegistry.equals("LOCALOS");
            if (disableLocalCommWhenSSLrequired) {
                z = (z2 && z4 && z5) || !z4;
            } else {
                z = !z4 || z2 || z5;
            }
            if (z) {
                ExtendedSSLConnectionData extendedSSLConnectionData = new ExtendedSSLConnectionData(null, 4L, (short) 0, 0, cSIv2EffectivePerformPolicy);
                extendedSSLConnectionData.setAltConnectionData(taggedComponent);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Localcomm tag found, LSIP data is: " + taggedComponent);
                }
                iIOPEndpointProfile = new IIOPEndpointProfile(ior, VaultConstants.IIOP_LOCALCOMM_OUT, extendedSSLConnectionData);
            }
        }
        return iIOPEndpointProfile;
    }

    protected IIOPEndpointProfile[] getUnsecureIIOPProfiles(IOR ior, String str, String str2) {
        IIOPEndpointProfile[] iIOPEndpointProfiles = this.defaultConnInt.getIIOPEndpointProfiles(ior, str, str2);
        if (iIOPEndpointProfiles != null && iIOPEndpointProfiles.length > 0) {
            ConnectionData connectionData = iIOPEndpointProfiles[0].getConnectionData();
            ConnectionDataCarrier connectionDataCarrier = new ConnectionDataCarrier();
            connectionDataCarrier.setConnectionData(connectionData);
            IIOPEndpointProfile localCommEndpointProfile = getLocalCommEndpointProfile(ior, connectionDataCarrier);
            if (localCommEndpointProfile != null) {
                IIOPEndpointProfile[] iIOPEndpointProfileArr = new IIOPEndpointProfile[iIOPEndpointProfiles.length + 1];
                if (prefer_iiop_to_local) {
                    System.arraycopy(iIOPEndpointProfiles, 0, iIOPEndpointProfileArr, 0, iIOPEndpointProfiles.length);
                    iIOPEndpointProfileArr[iIOPEndpointProfiles.length] = localCommEndpointProfile;
                } else {
                    iIOPEndpointProfileArr[0] = localCommEndpointProfile;
                    System.arraycopy(iIOPEndpointProfiles, 0, iIOPEndpointProfileArr, 1, iIOPEndpointProfiles.length);
                }
                iIOPEndpointProfiles = iIOPEndpointProfileArr;
            }
        }
        return iIOPEndpointProfiles;
    }

    @Override // com.ibm.ws.orb.transport.DefaultConnectionInterceptor, com.ibm.ws.orb.transport.ConnectionInterceptor
    public IIOPEndpointProfile[] getIIOPEndpointProfiles(IOR ior, String str, String str2) {
        String connectionKey;
        if (ior == null) {
            return null;
        }
        if (!SecurityObjectLocator.getCSIv2Config().getBoolean("com.ibm.CORBA.securityEnabled")) {
            return getUnsecureIIOPProfiles(ior, str, str2);
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getIIOPEndpointProfiles", new Object[]{ior, str, str2});
        }
        Profile profile = ior.getProfile();
        ConnectionDataCarrier connectionDataCarrier = new ConnectionDataCarrier();
        if (!getConnectionKey(profile, 0, ior, str, str2, connectionDataCarrier)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Security could not obtain a valid ConnectionKey.");
            }
            throw new NO_PERMISSION("Security could not obtain a valid ConnectionKey.");
        }
        ConnectionData connectionData = connectionDataCarrier.getConnectionData();
        String chainName = super.getChainName(this.orb, 2L);
        if (connectionData != null && (connectionKey = connectionData.getConnectionKey()) != null && connectionKey.indexOf("IIOPSSL") != -1) {
            chainName = super.getChainName(this.orb, 1L);
        }
        IIOPEndpointProfile iIOPEndpointProfile = new IIOPEndpointProfile(ior, chainName, connectionData);
        IIOPEndpointProfile localCommEndpointProfile = getLocalCommEndpointProfile(ior, connectionDataCarrier);
        IIOPEndpointProfile[] iIOPEndpointProfileArr = localCommEndpointProfile != null ? prefer_iiop_to_local ? new IIOPEndpointProfile[]{iIOPEndpointProfile, localCommEndpointProfile} : new IIOPEndpointProfile[]{localCommEndpointProfile, iIOPEndpointProfile} : new IIOPEndpointProfile[]{iIOPEndpointProfile};
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "IIOP endpoint profile(s): " + (iIOPEndpointProfileArr == null ? "null" : iIOPEndpointProfileArr.toString()));
            Tr.exit(tc, "getIIOPEndpointProfiles");
        }
        return iIOPEndpointProfileArr;
    }

    /* JADX WARN: Finally extract failed */
    @Override // com.ibm.ws.orb.transport.DefaultConnectionInterceptor, com.ibm.ws.orb.transport.ConnectionInterceptor
    public boolean getConnectionKey(Profile profile, int i, IOR ior, String str, String str2, ConnectionDataCarrier connectionDataCarrier) {
        if (!SecurityObjectLocator.getCSIv2Config().getBoolean("com.ibm.CORBA.securityEnabled")) {
            return this.defaultConnInt.getConnectionKey(profile, i, ior, str, str2, connectionDataCarrier);
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getConnectionKey", new Object[]{profile, new Integer(i), ior, str, str2, connectionDataCarrier, this});
        }
        String str3 = null;
        String str4 = null;
        String str5 = null;
        String str6 = null;
        int i2 = 0;
        short s = 0;
        short s2 = 0;
        short s3 = 0;
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy = null;
        boolean z4 = false;
        short s4 = -1;
        short s5 = 0;
        if (str == null) {
            str = getClassName(ior);
        }
        if (tc.isDebugEnabled()) {
            if (str != null) {
                Tr.debug(tc, "getConnectionKey invoked for operation " + str + "." + str2 + " on ORB " + this.orb);
            } else {
                Tr.debug(tc, "getConnectionKey invoked with class_name NULL on ORB " + this.orb);
            }
        }
        boolean z5 = false;
        try {
            CSIv2TaggedComponent[] cSIv2TaggedComponentList = CSIv2TaggedComponent.getCSIv2TaggedComponentList(profile, ior);
            boolean z6 = cSIv2TaggedComponentList != null;
            SSLCompoundTaggedComponent sSLCompoundTaggedComponent = SSLCompoundTaggedComponent.getSSLCompoundTaggedComponent(profile, ior);
            if (sSLCompoundTaggedComponent == null) {
                SSLTaggedComponent sSLTaggedComponent = SSLTaggedComponent.getSSLTaggedComponent(profile, ior);
                if (sSLTaggedComponent != null) {
                    s = sSLTaggedComponent.get_targetCoalescedSuppQOP();
                    s2 = sSLTaggedComponent.get_targetCoalescedReqQOP();
                    i2 = sSLTaggedComponent.get_SSLPort();
                    z = true;
                }
            } else {
                z2 = true;
                s = sSLCompoundTaggedComponent.get_targetCoalescedSuppQOP();
                s2 = sSLCompoundTaggedComponent.get_targetCoalescedReqQOP();
                i2 = sSLCompoundTaggedComponent.get_SSLPort();
                s3 = sSLCompoundTaggedComponent.get_targetCoalescedReqQOP();
                str6 = sSLCompoundTaggedComponent.getMechanismType().trim();
                str4 = sSLCompoundTaggedComponent.get_targetCompleteName();
                str5 = RealmSecurityName.getRealm(sSLCompoundTaggedComponent.get_targetCompleteName());
            }
            APPSECTaggedComponent aPPSECTaggedComponent = APPSECTaggedComponent.getAPPSECTaggedComponent(profile, ior);
            if (aPPSECTaggedComponent != null) {
                z4 = true;
                aPPSECTaggedComponent.get_enabledState();
                str3 = aPPSECTaggedComponent.get_activeUserRegistry();
                s4 = aPPSECTaggedComponent.get_isAdminFlag();
                s5 = aPPSECTaggedComponent.get_isNamingReadUnprotectedFlag();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuilder().append("Active user registry is: ").append(str3).toString() == null ? "null" : str3 + ", :isAdmin is: " + ((int) s4) + ", isNamingReadUnprotected is: " + ((int) s5));
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SSL tag found is " + z + ", SSL compound tag found is " + z2 + ", CSIv2 tag found is " + z6 + ", Mechanism is " + str6 + ", APPSec tag found is " + z4 + ";");
            }
            if (z6 || z2 || z) {
                if (z6 || !(z2 || z)) {
                    Tr.debug(tc, "Found CSIv2 tagged component.");
                    z5 = true;
                } else {
                    Tr.debug(tc, "Found old SSL tagged component.");
                    z5 = false;
                }
            }
            if (z5) {
                if (PlatformHelperFactory.getPlatformHelper().isControlJvm()) {
                    boolean z7 = false;
                    try {
                        if (!MultiDomainHelper.isClassNameAdmin(str)) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "getConnectionKey pushing app name " + str);
                            }
                            z7 = SecurityObjectLocator.pushDomainContext(new SecurityConfigResource(str, "application"));
                        }
                        cSIv2EffectivePerformPolicy = CSIv2EffectivePerformPolicy.getInstance(cSIv2TaggedComponentList, str2, this.orb, ior, s4, s5);
                        if (z7) {
                            SecurityObjectLocator.popDomainContext();
                        }
                    } catch (Throwable th) {
                        if (z7) {
                            SecurityObjectLocator.popDomainContext();
                        }
                        throw th;
                    }
                } else {
                    cSIv2EffectivePerformPolicy = CSIv2EffectivePerformPolicy.getInstance(cSIv2TaggedComponentList, str2, this.orb, ior, s4, s5);
                }
                if (cSIv2EffectivePerformPolicy == null) {
                    Tr.debug(tc, "Cannot form CSIv2EffectivePerformPolicy. Connection refused.");
                    if (!tc.isEntryEnabled()) {
                        return false;
                    }
                    Tr.exit(tc, "getConnectionKey", Boolean.FALSE);
                    return false;
                }
                this.vault.getCurrent().setEffectivePolicy(cSIv2EffectivePerformPolicy);
                String targetSecurityName = cSIv2EffectivePerformPolicy.getTargetSecurityName();
                str4 = targetSecurityName;
                str5 = targetSecurityName;
                CSIv2TaggedComponentHolder cSIv2TaggedComponent = cSIv2EffectivePerformPolicy.getCSIv2TaggedComponent();
                if (cSIv2EffectivePerformPolicy.performSSLTLS() && cSIv2TaggedComponent != null) {
                    int i3 = cSIv2TaggedComponent.value.get_Transport_tagID();
                    if (i3 != 36) {
                        Tr.debug(tc, "Unrecognized transport tag ID: " + i3 + ". Connection refused.");
                        if (!tc.isEntryEnabled()) {
                            return false;
                        }
                        Tr.exit(tc, "getConnectionKey", Boolean.FALSE);
                        return false;
                    }
                    TLS_SEC_TRANSHolder tls_sec_trans = cSIv2TaggedComponent.value.getTLS_SEC_TRANS();
                    s = tls_sec_trans.value.target_supports;
                    s2 = tls_sec_trans.value.target_requires;
                    String str7 = cSIv2TaggedComponent.value.get_Transport_Address().value.host_name;
                    i2 = cSIv2TaggedComponent.value.get_Transport_Address().value.port;
                    z3 = true;
                    if ((s2 & 32) == 0 && (s & 32) != 0) {
                        s2 = (short) (s2 | 32);
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "CSIv2TransportFound is true, sslTargetSupports is " + ((int) s) + ", sslTargetRequires is " + ((int) s2) + ", sslport  is          " + i2 + ", hostname is          " + str7 + ";");
                    }
                }
            }
            if (str5 != null && !str5.equals("")) {
                this.vault.getCurrent().setTargetSecurityRealm(str5);
            }
            if (!((str2 == null || str2.length() == 0) ? getConnectionKeyForLocateRequest(profile, connectionDataCarrier, str, z, z2, i2, s, s2, str2, z3, cSIv2EffectivePerformPolicy) : ((profile.getPort() == 0 || !ORB.isSpecialMethod(str2) || cSIv2EffectivePerformPolicy == null || cSIv2EffectivePerformPolicy.claimClientAuthenticationRequired()) && (profile.getPort() == 0 || !isSpecialNamingMethod(str2, str)) && !isSpecialSSLRequiredNamingMethod(str2, str)) ? getConnectionKeyForMethodRequest(profile, connectionDataCarrier, str, z, z2, i2, s, s2, s3, str2, str4, str6, z3, cSIv2EffectivePerformPolicy) : getConnectionKeyForSpecialRequest(profile, connectionDataCarrier, str, z, z2, i2, s, s2, str2, z3, cSIv2EffectivePerformPolicy))) {
                Tr.debug(tc, "Cannot form valid connection key. Connection refused.");
                if (!tc.isEntryEnabled()) {
                    return false;
                }
                Tr.exit(tc, "getConnectionKey", Boolean.FALSE);
                return false;
            }
            connectionDataCarrier.setActiveUserRegistry(str3);
            ConnectionData connectionData = connectionDataCarrier.getConnectionData();
            if (connectionData != null && cSIv2EffectivePerformPolicy != null) {
                cSIv2EffectivePerformPolicy.setConnectionKey(connectionData.getConnectionKey());
            }
            if (!tc.isEntryEnabled()) {
                return true;
            }
            Tr.exit(tc, "getConnectionKey", Boolean.TRUE);
            return true;
        } catch (CSIv2RequirementsNotSatisfied e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnectionInterceptor.getConnectionKey", "1328", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "CSIv2RequirementsNotSatisfied Exception caught in getConnectionKey.", e);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getConnectionKey", "INITIALIZE");
            }
            throw new INITIALIZE(e.debugMessage, SecurityMinorCodes.SECURITY_CONFIG_ERROR, CompletionStatus.COMPLETED_NO);
        } catch (Exception e2) {
            Manager.Ffdc.log(e2, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnectionInterceptor.getConnectionKey", "1338", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Java runtime exception in getConnectionKey.", new Object[]{e2});
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getConnectionKey");
            }
            if (e2.getMessage() == null || e2.getMessage().equals("")) {
                throw new INTERNAL(e2.getMessage(), SecurityMinorCodes.JAVA_EXCEPTION, CompletionStatus.COMPLETED_NO);
            }
            throw new INTERNAL("Java runtime exception in getConnectionKey.", SecurityMinorCodes.JAVA_EXCEPTION, CompletionStatus.COMPLETED_NO);
        }
    }

    public boolean getConnectionKeyForLocateRequest(Profile profile, ConnectionDataCarrier connectionDataCarrier, String str, boolean z, boolean z2, int i, short s, short s2, String str2, boolean z3, CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy) {
        String formConnectionKey;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getConnectionKeyForLocateRequest", new Object[]{profile, connectionDataCarrier, str, new Boolean(z), new Boolean(z2), new Integer(i), new Short(s), new Short(s2), str2, new Boolean(z3), this});
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Effecive Policy: ", cSIv2EffectivePerformPolicy);
        }
        if (tc.isDebugEnabled()) {
            if (str == null) {
                Tr.debug(tc, "Forming connection key for locate request. No class_name available.");
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Forming connection key for locate request on " + str);
            }
        }
        if ((z || z2 || z3) && (cSIv2EffectivePerformPolicy == null || cSIv2EffectivePerformPolicy.performSSLTLS())) {
            String remoteHostfromProfile = getRemoteHostfromProfile(profile);
            int i2 = i & 65535;
            short formCoalescedQOP = (!z3 || cSIv2EffectivePerformPolicy == null) ? formCoalescedQOP(s, s2) : formCSIv2CoalescedQOP(s, s2, cSIv2EffectivePerformPolicy);
            String str3 = VaultConstants.SSL_MECH_TYPE;
            formConnectionKey = formConnectionKey(remoteHostfromProfile, i2, str3, formCoalescedQOP);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting SSL ExtendedSSLConnectionData object.");
            }
            connectionDataCarrier.setConnectionData(new ExtendedSSLConnectionData(formConnectionKey, 1, formCoalescedQOP, 0, cSIv2EffectivePerformPolicy));
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SSL key set, mechanism is " + str3);
            }
        } else {
            formConnectionKey = createSimpleKey(getRemoteHostfromProfile(profile), profile.getPort(), str);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting TCPIP ConnectionDataImpl object.");
            }
            connectionDataCarrier.setConnectionData(new ExtendedSSLConnectionData(formConnectionKey, 2, (short) 0, 0, cSIv2EffectivePerformPolicy));
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "TCP Connection, connection type is 2");
            }
        }
        if (tc.isDebugEnabled()) {
            if (str != null) {
                Tr.debug(tc, "Returning connection key - " + formConnectionKey + " for locate request on " + str);
            } else {
                Tr.debug(tc, "Returning connection key - " + formConnectionKey + " for locate request.");
            }
        }
        if (!tc.isEntryEnabled()) {
            return true;
        }
        Tr.exit(tc, "getConnectionKeyForLocateRequest", Boolean.TRUE);
        return true;
    }

    public boolean getConnectionKeyForMethodRequest(Profile profile, ConnectionDataCarrier connectionDataCarrier, String str, boolean z, boolean z2, int i, short s, short s2, short s3, String str2, String str3, String str4, boolean z3, CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getConnectionKeyForMethodRequest", new Object[]{profile, connectionDataCarrier, str, new Boolean(z), new Boolean(z2), new Integer(i), new Short(s), new Short(s2), new Short(s3), str2, str3, str4, new Boolean(z3), this});
        }
        if (tc.isDebugEnabled()) {
            if (str != null) {
                Tr.debug(tc, "Forming connection key for method - " + str2 + " on " + str);
            } else {
                Tr.debug(tc, "Forming connection key for method - " + str2 + ". No class_name available.");
            }
        }
        String establishConnectionInfo = establishConnectionInfo(profile, connectionDataCarrier, z, z2, i, s, s2, s3, getRemoteHostfromProfile(profile) + ":" + profile.getPort(), z3, cSIv2EffectivePerformPolicy, str);
        if (tc.isDebugEnabled()) {
            if (str != null) {
                Tr.debug(tc, "Returning connection key - " + establishConnectionInfo + " for " + str2 + " request on " + str);
            } else {
                Tr.debug(tc, "Returning connection key - " + establishConnectionInfo + " for " + str2 + " request.");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getConnectionKeyForMethodRequest");
        }
        return establishConnectionInfo != null;
    }

    public boolean getConnectionKeyForSpecialRequest(Profile profile, ConnectionDataCarrier connectionDataCarrier, String str, boolean z, boolean z2, int i, short s, short s2, String str2, boolean z3, CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getConnectionKeyForSpecialRequest", new Object[]{profile, connectionDataCarrier, str, new Boolean(z), new Boolean(z2), new Integer(i), new Short(s), new Short(s2), str2, new Boolean(z3), this});
        }
        String str3 = null;
        if (tc.isDebugEnabled()) {
            if (str != null) {
                Tr.debug(tc, "Forming connection key for " + str2 + " request on " + str);
            } else {
                Tr.debug(tc, "Forming connection key for " + str2 + " request. No class_name available.");
            }
        }
        if ((profile.getPort() == 0 && isSpecialNamingMethod(str2, str)) || (isSpecialSSLRequiredNamingMethod(str2, str) && (cSIv2EffectivePerformPolicy == null || cSIv2EffectivePerformPolicy.performSSLTLS()))) {
            String remoteHostfromProfile = getRemoteHostfromProfile(profile);
            int i2 = i & 65535;
            short formCoalescedQOP = (!z3 || cSIv2EffectivePerformPolicy == null) ? formCoalescedQOP(s, s2) : formCSIv2CoalescedQOP(s, s2, cSIv2EffectivePerformPolicy);
            str3 = formConnectionKey(remoteHostfromProfile, i2, VaultConstants.SSL_MECH_TYPE, formCoalescedQOP);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting SSL ExtendedSSLConnectionData object for special naming method for CSIv2.");
            }
            connectionDataCarrier.setConnectionData(new ExtendedSSLConnectionData(str3, 1, formCoalescedQOP, 0, cSIv2EffectivePerformPolicy));
        }
        if (str3 == null) {
            if ((z || z2 || z3) && ((!isSpecialNamingMethod(str2, str) || profile.getPort() == 0) && (cSIv2EffectivePerformPolicy == null || cSIv2EffectivePerformPolicy.performSSLTLS()))) {
                String remoteHostfromProfile2 = getRemoteHostfromProfile(profile);
                int i3 = i & 65535;
                short formCoalescedQOP2 = (!z3 || cSIv2EffectivePerformPolicy == null) ? formCoalescedQOP(s, s2) : formCSIv2CoalescedQOP(s, s2, cSIv2EffectivePerformPolicy);
                str3 = formConnectionKey(remoteHostfromProfile2, i3, VaultConstants.SSL_MECH_TYPE, formCoalescedQOP2);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting SSL ExtendedSSLConnectionData object.");
                }
                connectionDataCarrier.setConnectionData(new ExtendedSSLConnectionData(str3, 1, formCoalescedQOP2, 0, cSIv2EffectivePerformPolicy));
            } else {
                str3 = createSimpleKey(getRemoteHostfromProfile(profile), profile.getPort(), str);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Setting TCPIP ConnectionDataImpl object.");
                }
                connectionDataCarrier.setConnectionData(new ExtendedSSLConnectionData(str3, 2, (short) 0, 0, cSIv2EffectivePerformPolicy));
            }
        }
        if (tc.isDebugEnabled()) {
            if (str != null) {
                Tr.debug(tc, "Returning connection key - " + str3 + " for " + str2 + " on " + str);
            } else {
                Tr.debug(tc, "Returning connection key - " + str3 + " for " + str2);
            }
        }
        if (!tc.isEntryEnabled()) {
            return true;
        }
        Tr.exit(tc, "getConnectionKeyForSpecialRequest", Boolean.TRUE);
        return true;
    }

    public SSLServerConnectionData getCSIRegisteredSSLServerConnectionDataObject() {
        return this.csiServerSSLConnData;
    }

    public SSLServerConnectionData getCSIClientCertRegisteredSSLServerConnectionDataObject() {
        return this.csiClientCertServerSSLConnData;
    }

    public ServerConnectionData getRegisteredTCPServerConnectionDataObject() {
        return this.serverTCPConnData;
    }

    @Override // com.ibm.ws.orb.transport.DefaultConnectionInterceptor, com.ibm.ws.orb.transport.ConnectionInterceptor
    public ServerConnectionData[] getServerConnectionData(ORB orb) {
        String str;
        short s;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getServerConnectionData", new Object[]{orb, this});
        }
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        if (!cSIv2Config.getBoolean("com.ibm.CORBA.securityEnabled")) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getServerConnectionData");
            }
            return this.defaultConnInt.getServerConnectionData(orb);
        }
        List list = null;
        List list2 = null;
        try {
            str = orb.getLocalHost();
        } catch (Exception e) {
            Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnectionInterceptor.getServerConnectionData", "1679", this);
            str = null;
            Tr.error(tc, "security.JSAS0445E", new Object[]{e});
        }
        if (str == null || str.length() == 0) {
            str = "localHost";
        }
        String property = orb.getProperty("com.ibm.CORBA.TransportMode");
        if (property == null || property.equalsIgnoreCase("Pluggable")) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "In pluggable transport mode.");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "*** IN CHANNEL FRAMEWORK MODE ACTING AS PLUGGABLE ***");
        }
        if (1 != 0) {
            try {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Getting TCPIP ConnectionObject.");
                }
                getTcpConnectionObject(str);
                if (PlatformHelperFactory.getPlatformHelper().isZOS()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Getting CSIv2 SSL (w/ and w/o ClientCert) ConnectionObjects for z/OS.");
                    }
                    getCSISSLConnectionObject(str);
                    if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_TRANSPORT_ASSOCIATION_SSL_TLS_REQUIRED)) {
                        ((ServerConnectionDataImpl) this.serverTCPConnData).setAddToServerProfile(false);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "The TCP/IP port in the IOR profile will be 0.  The value of AddToServerProfile is " + this.serverTCPConnData.getAddToServerProfile());
                        }
                    }
                } else if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_TRANSPORT_ASSOCIATION_SSL_TLS_REQUIRED)) {
                    if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_TRANSPORT_LAYER_CLIENT_AUTHENTICATION_REQUIRED)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Getting CSIv2 SSL (w/ClientCert) ConnectionObject.");
                        }
                        getCSIClientCertSSLConnectionObject(str);
                    } else if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_TRANSPORT_LAYER_CLIENT_AUTHENTICATION_SUPPORTED)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Getting CSIv2 SSL (w/ and w/o ClientCert) ConnectionObjects.");
                        }
                        getCSISSLConnectionObject(str);
                        getCSIClientCertSSLConnectionObject(str);
                    } else {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Getting CSIv2 SSL (w/o ClientCert) ConnectionObjects.");
                        }
                        getCSISSLConnectionObject(str);
                    }
                    ((ServerConnectionDataImpl) this.serverTCPConnData).setAddToServerProfile(false);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The TCP/IP port in the IOR profile will be 0.  The value of AddToServerProfile is " + this.serverTCPConnData.getAddToServerProfile());
                    }
                } else if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_TRANSPORT_ASSOCIATION_SSL_TLS_SUPPORTED)) {
                    if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_TRANSPORT_LAYER_CLIENT_AUTHENTICATION_REQUIRED)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Getting CSIv2 SSL (w/ClientCert) ConnectionObject.");
                        }
                        getCSIClientCertSSLConnectionObject(str);
                    } else if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_TRANSPORT_LAYER_CLIENT_AUTHENTICATION_SUPPORTED)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Getting CSIv2 SSL (w/ and w/o ClientCert) ConnectionObjects.");
                        }
                        getCSISSLConnectionObject(str);
                        getCSIClientCertSSLConnectionObject(str);
                    } else {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Getting CSIv2 SSL (w/o ClientCert) ConnectionObjects.");
                        }
                        getCSISSLConnectionObject(str);
                    }
                }
                int i = this.serverTCPConnData != null ? 0 + 1 : 0;
                if (this.csiServerSSLConnData != null) {
                    i++;
                }
                if (this.csiClientCertServerSSLConnData != null) {
                    i++;
                }
                ServerConnectionData[] serverConnectionDataArr = new ServerConnectionData[i];
                int i2 = i;
                if (this.serverTCPConnData != null) {
                    int i3 = i;
                    i--;
                    serverConnectionDataArr[i2 - i3] = this.serverTCPConnData;
                }
                if (this.csiServerSSLConnData != null) {
                    int i4 = i;
                    i--;
                    serverConnectionDataArr[i2 - i4] = this.csiServerSSLConnData;
                }
                if (this.csiClientCertServerSSLConnData != null) {
                    int i5 = i;
                    int i6 = i - 1;
                    serverConnectionDataArr[i2 - i5] = this.csiClientCertServerSSLConnData;
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getServerConnectionData", serverConnectionDataArr);
                }
                return serverConnectionDataArr;
            } catch (Exception e2) {
                Manager.Ffdc.log(e2, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnectionInterceptor.getServerConnectionData", "1848", this);
                Tr.debug(tc, "Exception getting SSL server connection data array from pluggable transport configuration.  Exception is: " + e2.getMessage(), new Object[]{e2});
                if (!tc.isEntryEnabled()) {
                    return null;
                }
                Tr.exit(tc, "getServerConnectionData", null);
                return null;
            }
        }
        try {
            ArrayList arrayList = new ArrayList();
            if (0 != 0 && list2.size() > 0) {
                for (int i7 = 0; i7 < list2.size(); i7++) {
                    Properties properties = (Properties) list2.get(i7);
                    String property2 = properties.getProperty("com.ibm.CORBA.ListenerPort");
                    int intValue = property2 != null ? new Short(property2).intValue() : 0;
                    if (intValue != orb.getBootstrapPort()) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Creating TCP server connection data for chain name: " + properties.getProperty("ChainName") + ", and endPointName: " + properties.getProperty(WSVirtualConnectionFactoryImpl.ENDPOINT_NAME));
                        }
                        ServerConnectionDataImpl serverConnectionDataImpl = new ServerConnectionDataImpl();
                        serverConnectionDataImpl.setServerPort(intValue);
                        serverConnectionDataImpl.setConnectionKey(formConnectionKey(str, intValue, " ", (short) 0));
                        serverConnectionDataImpl.setConnectionType(2L);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Requesting to create a TCPIP server connection with:");
                            Tr.debug(tc, "  Connection key: " + serverConnectionDataImpl.getConnectionKey() + ", Connection type: " + serverConnectionDataImpl.getConnectionType() + ", Server port: " + serverConnectionDataImpl.getServerPort());
                        }
                        arrayList.add(serverConnectionDataImpl);
                    }
                }
            }
            if (0 != 0 && list.size() > 0) {
                for (int i8 = 0; i8 < list.size(); i8++) {
                    Properties properties2 = (Properties) list.get(i8);
                    String property3 = properties2.getProperty(CSIv2Config.SSL_PORT);
                    short shortValue = property3 != null ? new Short(property3).shortValue() : (short) 0;
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Creating SSL server connection data for chain name: " + properties2.getProperty("ChainName") + ", and endPointName: " + properties2.getProperty(WSVirtualConnectionFactoryImpl.ENDPOINT_NAME));
                    }
                    short s2 = 0;
                    String property4 = properties2.getProperty("com.ibm.ssl.securityLevel");
                    if (property4 != null && property4.equalsIgnoreCase("high")) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Claim security level is HIGH for this transport tag.");
                        }
                        s2 = (short) (((short) (0 | 2)) | 4);
                        s = (short) (((short) (((short) (0 | 2)) | 4)) | 32);
                    } else if (property4 == null || !property4.equalsIgnoreCase("medium")) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Claim security level is LOW for this transport tag.");
                        }
                        s = (short) (((short) (((short) (0 | 2)) | 4)) | 32);
                    } else {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Claim security level is MEDIUM for this transport tag.");
                        }
                        s2 = (short) (0 | 2);
                        s = (short) (((short) (((short) (0 | 2)) | 4)) | 32);
                    }
                    String property5 = properties2.getProperty("com.ibm.ssl.clientAuthentication");
                    String property6 = properties2.getProperty(Constants.SSLPROP_CLIENT_AUTHENTICATION_SUPPORTED);
                    if (property5 != null && property5.equals("true")) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Claim client authentication is required for this transport tag.");
                        }
                        s2 = (short) (s2 | 64);
                        s = (short) (s | 64);
                    } else if (property6 != null && property6.equals("true")) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Claim client authentication is supported for this transport tag.");
                        }
                        s = (short) (s | 64);
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Claim client authentication is disabled for this transport tag.");
                    }
                    SSLServerConnectionDataImpl sSLServerConnectionDataImpl = new SSLServerConnectionDataImpl();
                    sSLServerConnectionDataImpl.setConnectionKey(formConnectionKey(str, shortValue, VaultConstants.SSL_MECH_TYPE, s));
                    sSLServerConnectionDataImpl.setConnectionType(1L);
                    sSLServerConnectionDataImpl.setServerPort(shortValue);
                    sSLServerConnectionDataImpl.setTargetRequiresQOP(s2);
                    sSLServerConnectionDataImpl.setTargetSupportsQOP(s);
                    String property7 = properties2.getProperty("com.ibm.ssl.alias");
                    sSLServerConnectionDataImpl.setSSLConfigAlias(property7);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Requesting to create an SSL server connection with:");
                        Tr.debug(tc, "  Alias: " + property7);
                    }
                    arrayList.add(sSLServerConnectionDataImpl);
                }
            }
            ServerConnectionData[] serverConnectionDataArr2 = (ServerConnectionData[]) arrayList.toArray(new ServerConnectionData[arrayList.size()]);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getServerConnectionData");
            }
            return serverConnectionDataArr2;
        } catch (Exception e3) {
            Manager.Ffdc.log(e3, this, "com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnectionInterceptor.getServerConnectionData", "2020", this);
            Tr.debug(tc, "Exception getting SSL server connection data array from channel framework configuration.  Exception is: " + e3.getMessage(), new Object[]{e3});
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "getServerConnectionData", null);
            return null;
        }
    }

    @Override // com.ibm.ws.orb.transport.DefaultConnectionInterceptor, com.ibm.ws.orb.transport.ConnectionInterceptor
    public void notifyBrokenConnection(ConnectionInformation connectionInformation) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "notifyBrokenConnection", new Object[]{connectionInformation, this});
        }
        ConnectionData connectionData = (ConnectionData) connectionInformation.getConnectionData();
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        if (this.vault != null && cSIv2Config.getBoolean(CSIv2Config.NOTIFY_BROKEN_CONNECTION_ENABLED)) {
            if (connectionData == null || !(connectionData instanceof ExtendedSSLConnectionData)) {
                ServerConnectionKey serverConnectionKey = new ServerConnectionKey(connectionInformation.getConnectionCreationTime(), connectionInformation.getRemoteHost(), connectionInformation.getRemotePort());
                if (tc.isDebugEnabled() && serverConnectionKey != null) {
                    Tr.debug(tc, "A server connection is broken: " + serverConnectionKey.get_server_connection_hash());
                }
                this.vault.deleteSessionsForConnection(serverConnectionKey);
            } else {
                String connectionKey = connectionData.getConnectionKey();
                if (tc.isDebugEnabled() && connectionKey != null) {
                    Tr.debug(tc, "A client connection is broken:  " + connectionKey);
                }
                this.vault.deleteSessionsForConnection(connectionKey);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "notifyBrokenConnection");
        }
    }

    public static boolean isSpecial(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isSpecial", new Object[]{str, str2});
        }
        if (str2 == null) {
            return false;
        }
        Tr.debug(tc, "method  = " + str + ", class name = " + str2);
        if (str.equals("get_compatibility_level")) {
            Tr.debug(tc, "method matches");
        } else {
            Tr.debug(tc, "method no matches");
        }
        if (str2.equals("com.ibm.WsnOptimizedNaming._NamingContextStub")) {
            Tr.debug(tc, "interface matches");
        } else {
            Tr.debug(tc, "interface no matches");
        }
        return str.equals("get_compatibility_level") && str2.equals("com.ibm.WsnOptimizedNaming._NamingContextStub");
    }

    public static boolean isSpecialClass(String str, String str2) {
        if (str2 == null) {
            return false;
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isSpecialClass", new Object[]{str, str2});
        }
        if (str.equals("get_compatibility_level") && str2.equals("com.ibm.WsnBootstrap._WsnNameServiceStub")) {
            return true;
        }
        if (str.equals("get_compatibility_level") && str2.equals("com.ibm.ws.naming.bootstrap.WsnNameServiceImpl")) {
            return true;
        }
        if (str.equals("get_context_id_string") && str2.equals("com.ibm.WsnBootstrap._WsnNameServiceStub")) {
            return true;
        }
        if (str.equals("get_context_id_string") && str2.equals("com.ibm.ws.naming.bootstrap.WsnNameServiceImpl")) {
            return true;
        }
        if (str.equals("get_full_primary_name") && str2.equals("com.ibm.WsnBootstrap._WsnNameServiceStub")) {
            return true;
        }
        if (str.equals("get_full_primary_name") && str2.equals("com.ibm.ws.naming.bootstrap.WsnNameServiceImpl")) {
            return true;
        }
        if (str.equals("list") && str2.equals("com.ibm.WsnBootstrap._WsnNameServiceStub")) {
            return true;
        }
        if (str.equals("list") && str2.equals("com.ibm.ws.naming.bootstrap.WsnNameServiceImpl")) {
            return true;
        }
        if (str.equals("list_complete_info") && str2.equals("com.ibm.WsnBootstrap._WsnNameServiceStub")) {
            return true;
        }
        if (str.equals("list_complete_info") && str2.equals("com.ibm.ws.naming.bootstrap.WsnNameServiceImpl")) {
            return true;
        }
        if (str.equals("resolve") && str2.equals("com.ibm.WsnBootstrap._WsnNameServiceStub")) {
            return true;
        }
        if (str.equals("resolve") && str2.equals("com.ibm.ws.naming.bootstrap.WsnNameServiceImpl")) {
            return true;
        }
        if (str.equals("resolve_complete_info") && str2.equals("com.ibm.WsnBootstrap._WsnNameServiceStub")) {
            return true;
        }
        if (str.equals("resolve_complete_info") && str2.equals("com.ibm.ws.naming.bootstrap.WsnNameServiceImpl")) {
            return true;
        }
        if (str.equals("BindingIterator_next_one") && str2.equals("com.ibm.WsnBootstrap._WsnNameServiceStub")) {
            return true;
        }
        if (str.equals("BindingIterator_next_one") && str2.equals("com.ibm.ws.naming.bootstrap.WsnNameServiceImpl")) {
            return true;
        }
        if (str.equals("BindingIterator_next_one") && str2.equals("com.ibm.WsnBootstrap._WsnNameServiceStub")) {
            return true;
        }
        if (str.equals("BindingIterator_next_one") && str2.equals("com.ibm.ws.naming.bootstrap.WsnNameServiceImpl")) {
            return true;
        }
        if (str.equals("BindingIterator_Destroy") && str2.equals("com.ibm.WsnBootstrap._WsnNameServiceStub")) {
            return true;
        }
        return str.equals("BindingIterator_Destroy") && str2.equals("com.ibm.ws.naming.bootstrap.WsnNameServiceImpl");
    }

    public static boolean isNamingMethodUnprotected(String str, String str2) {
        if (str2 == null) {
            return false;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "isNamingMethodUnprotected, method = " + str + ", class_name = " + str2);
        }
        if (str.equals("get_compatibility_level") && str2.equals("com.ibm.WsnOptimizedNaming._NamingContextStub")) {
            return true;
        }
        if (str.equals("resolve_complete_info") && str2.equals("com.ibm.WsnOptimizedNaming._NamingContextStub")) {
            return true;
        }
        if (str.equals("list_complete_info_dist") && str2.equals("com.ibm.WsnOptimizedNaming._NamingContextStub")) {
            return true;
        }
        if (str.equals("list_complete_info") && str2.equals("com.ibm.WsnOptimizedNaming._NamingContextStub")) {
            return true;
        }
        if (str.equals("destroy") && str2.equals("com.ibm.WsnOptimizedNaming._DistBindingDataIteratorStub")) {
            return true;
        }
        if (str.equals("next_n") && str2.equals("com.ibm.WsnOptimizedNaming._DistBindingDataIteratorStub")) {
            return true;
        }
        if (str.equals("next_one") && str2.equals("com.ibm.WsnOptimizedNaming._DistBindingDataIteratorStub")) {
            return true;
        }
        if (str.equals("next_one") && str2.equals("org.omg.CosNaming._BindingIteratorStub")) {
            return true;
        }
        if (str.equals("next_n") && str2.equals("org.omg.CosNaming._BindingIteratorStub")) {
            return true;
        }
        if (str.equals("destroy") && str2.equals("org.omg.CosNaming._BindingIteratorStub")) {
            return true;
        }
        if (str.equals("resolve_str") && str2.equals("org.omg.CosNaming._NamingContextExtStub")) {
            return true;
        }
        if (str.equals("to_string") && str2.equals("org.omg.CosNaming._NamingContextExtStub")) {
            return true;
        }
        if (str.equals("to_name") && str2.equals("org.omg.CosNaming._NamingContextExtStub")) {
            return true;
        }
        if (str.equals("to_url") && str2.equals("org.omg.CosNaming._NamingContextExtStub")) {
            return true;
        }
        if (str.equals("resolve") && str2.equals("org.omg.CosNaming._NamingContextStub")) {
            return true;
        }
        if (str.equals("list") && str2.equals("org.omg.CosNaming._NamingContextStub")) {
            return true;
        }
        if (!PlatformHelperFactory.getPlatformHelper().isZOS()) {
            return false;
        }
        if (str.equals("resolve_complete_info") && str2.equals("com.ibm.ws.naming.distcos.WsnDistributedNC")) {
            return true;
        }
        if (str.equals("resolve_complete_info") && str2.equals("com.ibm.ws.naming.distcos.PersistentXmlNC")) {
            return true;
        }
        if (str.equals("resolve_complete_info") && str2.equals("com.ibm.ws.naming.distcos.PersistentXmlMasterNC")) {
            return true;
        }
        if (str.equals("resolve_complete_info") && str2.equals("com.ibm.ws.naming.distcos.PersistentXmlSlaveNC")) {
            return true;
        }
        if (str.equals("resolve_complete_info") && str2.equals("com.ibm.ws.naming.distcos.ReadOnlyNC")) {
            return true;
        }
        if (str.equals("resolve_complete_info") && str2.equals("com.ibm.ws.naming.distcos.DistBindingDataIteratorImpl")) {
            return true;
        }
        if (str.equals("resolve_complete_info") && str2.equals("com.ibm.ws.naming.ipcos.BindingDataIteratorImpl")) {
            return true;
        }
        return str.equals("resolve_complete_info") && str2.equals("com.ibm.ws.naming.ipcos.BindingIteratorImpl");
    }

    public static boolean onlyProtectedByNamingRead(String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "onlyProtectedByNamingRead, method = " + str + ", class_name = " + str2);
        }
        boolean z = false;
        if (str2 == null || !str2.startsWith("com.ibm.ws.naming.distcos") || str == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "class and/or method null");
            }
        } else if (str.equals("get_compatibility_level") || str.equals("get_context_id_string") || str.equals("get_full_primary_name") || str.equals("list") || str.equals("list_complete_info") || str.equals("list_complete_info_dist") || str.equals("resolve") || str.equals("resolve_complete_info") || str.equals("BindingIterator_next_one") || str.equals("BindingIterator_next_n") || str.equals("BindingIterator_destroy")) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "class and method matches!");
            }
            z = true;
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No match found.");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "onlyProtectedByNamingRead", Boolean.valueOf(z));
        }
        return z;
    }

    public static boolean isSpecialNamingMethod(String str, String str2) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "method = " + str + ", class_name = " + str2);
        }
        if (str == null || str2 == null) {
            return false;
        }
        if (str.equals("getProperties") && str2.equals("com.ibm.WsnBootstrap._WsnNameServiceStub")) {
            return true;
        }
        if (str.equals("getProperties") && str2.equals("com.ibm.ws.naming.bootstrap.WsnNameServiceImpl")) {
            return true;
        }
        if (str.equals("get") && str2.equals("com.ibm.rmi.corba.CORBAObjectImpl")) {
            return true;
        }
        if ((str.equals("get") || str.equals("list")) && str2.equals("com.ibm.ws390.orb.INITImpl")) {
            return true;
        }
        if (str.equals("meta") && (str2.equals("com.ibm.org.omg.SendingContext._CodeBaseStub") || str2.equals("com.ibm.org.omg.SendingContext.CodeBase_Tie"))) {
            return true;
        }
        if (str.equals("ping") && (str2.equals("com.ibm.org.omg.CORBA._ObjectStub") || str2.equals("com.ibm.ws.orb.services.lsd._ORB_ServerStub") || str2.equals("com.ibm.ejs.oa.ORB_ServerImpl"))) {
            return true;
        }
        if (str.equals("reregistration_required")) {
            return str2.equals("com.ibm.ws.orb.services.lsd._ORB_ServerStub") || str2.equals("com.ibm.ejs.oa.ORB_ServerImpl");
        }
        return false;
    }

    public static boolean isUserRegistryMethodProtected(String str, String str2) {
        if (!"com.ibm.ws.security.registry._UserRegistryImpl_Tie".equals(str2)) {
            return false;
        }
        if (unprotectedRegistryMethods.contains("*") || unprotectedRegistryMethods.contains(str)) {
            if (!tc.isEntryEnabled()) {
                return false;
            }
            Tr.debug(tc, str + " is unprotected, returning false");
            return false;
        }
        if (!tc.isEntryEnabled()) {
            return true;
        }
        Tr.exit(tc, str + " is protected, returning true");
        return true;
    }

    public static boolean isSpecialSSLRequiredNamingMethod(String str, String str2) {
        if (str2 == null) {
            return false;
        }
        if (str2.equals("com.ibm.ws.security.server._SecurityServer_Stub")) {
            return true;
        }
        return (str2.equals("com.ibm.websphere.security._UserRegistry_Stub") && !str.equals("createCredential")) || str2.equals("com.ibm.ws.security.server._SecurityServerImpl_Tie") || str2.equals("com.ibm.ws.security.registry._UserRegistryImpl_Tie");
    }

    public String createSimpleKey(String str, int i, String str2) {
        String str3;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Host:  " + str + " Port: " + i);
        }
        if (str == null || str.indexOf(":") < 0 || str.indexOf("]") == str.length() - 1) {
            str3 = str + ":" + i;
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Brackets are being added");
            }
            str3 = WorkSpaceConstant.FIELD_SEPERATOR + str + "]:" + i;
        }
        if (str2 != null && (str2.equals("com.ibm.ws.orb.transport.DummyObjectImpl") || str2.equals("com.ibm.org.omg.CORBA._ObjectStub") || str2.equals("<unknown>"))) {
            this.vault.getCurrent().setFirstHost(str);
            this.vault.getCurrent().setFirstPort(Integer.toString(i));
            String allHosts = this.vault.getCurrent().getAllHosts();
            int indexOf = allHosts.indexOf(str3);
            if (indexOf == -1) {
                this.vault.getCurrent().setAllHosts(str3 + CommandSecurityUtil.PARAM_DELIM + allHosts);
                this.vault.getCurrent().setAllPorts(Integer.toString(i) + CommandSecurityUtil.PARAM_DELIM + this.vault.getCurrent().getAllPorts());
            } else {
                String str4 = allHosts.substring(0, indexOf) + allHosts.substring(indexOf + str3.length() + 1);
                String allPorts = this.vault.getCurrent().getAllPorts();
                String num = Integer.toString(i);
                int indexOf2 = allPorts.indexOf(num);
                String str5 = "";
                if (indexOf2 != -1) {
                    str5 = allPorts.substring(0, indexOf2) + allPorts.substring(indexOf2 + num.length() + 1);
                }
                this.vault.getCurrent().setAllHosts(str3 + CommandSecurityUtil.PARAM_DELIM + str4);
                this.vault.getCurrent().setAllPorts(Integer.toString(i) + CommandSecurityUtil.PARAM_DELIM + str5);
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "New value of getFirstHost/Port():  " + this.vault.getCurrent().getFirstHost() + ":" + this.vault.getCurrent().getFirstPort());
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "New value of getAllHosts():  " + this.vault.getCurrent().getAllHosts());
            }
        }
        return str3;
    }

    public VaultImpl getVault() {
        if (this.vault == null) {
            this.vault = VaultImpl.getInstance();
        }
        return this.vault;
    }

    public boolean getTcpConnectionObject(String str) {
        ServerConnectionDataImpl serverConnectionDataImpl = new ServerConnectionDataImpl();
        serverConnectionDataImpl.setServerPort(this.orb.getListenerPort());
        serverConnectionDataImpl.setConnectionKey(formConnectionKey(str, this.orb.getListenerPort(), " ", (short) 0));
        serverConnectionDataImpl.setConnectionType(2L);
        this.serverTCPConnData = serverConnectionDataImpl;
        if (!tc.isDebugEnabled()) {
            return true;
        }
        Tr.debug(tc, "Requesting to create a TCPIP server connection with:");
        Tr.debug(tc, "  Connection key: " + serverConnectionDataImpl.getConnectionKey() + ", Connection type: " + serverConnectionDataImpl.getConnectionType() + ", Server port: " + serverConnectionDataImpl.getServerPort());
        return true;
    }

    public boolean getCSISSLConnectionObject(String str) {
        SSLServerConnectionDataImpl sSLServerConnectionDataImpl = new SSLServerConnectionDataImpl();
        short s = (short) (0 | 32);
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_MESSAGE_INTEGRITY_REQUIRED)) {
            s = (short) (s | 2);
        }
        if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_MESSAGE_CONFIDENTIALITY_REQUIRED)) {
            s = (short) (s | 4);
        }
        short s2 = (short) (0 | 32);
        if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_MESSAGE_INTEGRITY_SUPPORTED)) {
            s2 = (short) (s2 | 2);
        }
        if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_MESSAGE_CONFIDENTIALITY_SUPPORTED)) {
            s2 = (short) (s2 | 4);
        }
        sSLServerConnectionDataImpl.setConnectionKey(formConnectionKey(str, cSIv2Config.getInteger(CSIv2Config.SSL_PORT), VaultConstants.SSL_MECH_TYPE, s2));
        sSLServerConnectionDataImpl.setConnectionType(1L);
        sSLServerConnectionDataImpl.setServerPort(cSIv2Config.getInteger(CSIv2Config.SSL_PORT));
        sSLServerConnectionDataImpl.setTargetRequiresQOP(s);
        sSLServerConnectionDataImpl.setTargetSupportsQOP(s2);
        sSLServerConnectionDataImpl.setSSLConfigAlias(cSIv2Config.getString(CSIv2Config.SSL_INBOUND_ALIAS));
        sSLServerConnectionDataImpl.setEndPointName("CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS");
        this.csiServerSSLConnData = sSLServerConnectionDataImpl;
        if (!tc.isDebugEnabled()) {
            return true;
        }
        Tr.debug(tc, "Requesting to create an SSL server connection with:");
        Tr.debug(tc, "  Alias: " + sSLServerConnectionDataImpl.getSSLConfigAlias());
        return true;
    }

    public boolean getCSIClientCertSSLConnectionObject(String str) {
        SSLServerConnectionDataImpl sSLServerConnectionDataImpl = new SSLServerConnectionDataImpl();
        short s = (short) (((short) (0 | 32)) | 64);
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_MESSAGE_INTEGRITY_REQUIRED)) {
            s = (short) (s | 2);
        }
        if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_MESSAGE_CONFIDENTIALITY_REQUIRED)) {
            s = (short) (s | 4);
        }
        short s2 = (short) (((short) (0 | 32)) | 64);
        if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_MESSAGE_INTEGRITY_SUPPORTED)) {
            s2 = (short) (s2 | 2);
        }
        if (cSIv2Config.getBoolean(CSIv2Config.CLAIM_MESSAGE_CONFIDENTIALITY_SUPPORTED)) {
            s2 = (short) (s2 | 4);
        }
        sSLServerConnectionDataImpl.setConnectionKey(formConnectionKey(str, cSIv2Config.getInteger(CSIv2Config.CLIENT_CERT_SSL_PORT), VaultConstants.SSL_MECH_TYPE, s2));
        sSLServerConnectionDataImpl.setConnectionType(1L);
        sSLServerConnectionDataImpl.setServerPort(cSIv2Config.getInteger(CSIv2Config.CLIENT_CERT_SSL_PORT));
        sSLServerConnectionDataImpl.setTargetRequiresQOP(s);
        sSLServerConnectionDataImpl.setTargetSupportsQOP(s2);
        sSLServerConnectionDataImpl.setSSLConfigAlias(cSIv2Config.getString(CSIv2Config.SSL_INBOUND_ALIAS));
        sSLServerConnectionDataImpl.setEndPointName("CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS");
        this.csiClientCertServerSSLConnData = sSLServerConnectionDataImpl;
        if (!tc.isDebugEnabled()) {
            return true;
        }
        Tr.debug(tc, "Requesting to create an SSL server connection including EstablishTrustInClient with:");
        Tr.debug(tc, "  Alias: " + sSLServerConnectionDataImpl.getSSLConfigAlias());
        return true;
    }

    public String establishConnectionInfo(Profile profile, ConnectionDataCarrier connectionDataCarrier, boolean z, boolean z2, int i, short s, short s2, short s3, String str, boolean z3, CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "establishConnectionInfo", new Object[]{profile, connectionDataCarrier, new Boolean(z), new Boolean(z2), new Integer(i), new Short(s), new Short(s2), new Short(s3), str, new Boolean(z3), this});
        }
        boolean z4 = false;
        CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
        if (z || z2 || z3) {
            if (!cSIv2Config.getBoolean("com.ibm.CSI.performTransportAssocSSLTLSSupported") && !cSIv2Config.getBoolean("com.ibm.CSI.performTransportAssocSSLTLSRequired") && profile.getPort() == 0) {
                throw new NO_PERMISSION("SSL is not supported or required in client configuration, however, no TCP/IP port specified in IOR profile.");
            }
            if ((z || z2 || z3) && (cSIv2EffectivePerformPolicy == null || cSIv2EffectivePerformPolicy.performSSLTLS())) {
                z4 = true;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, ", Creating SSL connectionKey: " + z4 + ", sslCmpdTagFound is " + z2 + ", sslTagFound is " + z + ";, CSIv2TransportFound is " + z3 + ";");
        }
        if (!z4) {
            String createSimpleKey = createSimpleKey(getRemoteHostfromProfile(profile), profile.getPort(), str2);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Setting TCPIP ConnectionDataImpl object.");
            }
            connectionDataCarrier.setConnectionData(new ExtendedSSLConnectionData(createSimpleKey, 2, (short) 0, 0, cSIv2EffectivePerformPolicy));
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SSL not enabled, returning connection key - " + createSimpleKey);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "establishConnectionInfo", createSimpleKey);
            }
            return createSimpleKey;
        }
        int i2 = i & 65535;
        short formCoalescedQOP = (!z3 || cSIv2EffectivePerformPolicy == null) ? formCoalescedQOP(s, s2) : formCSIv2CoalescedQOP(s, s2, cSIv2EffectivePerformPolicy);
        String str3 = VaultConstants.SSL_MECH_TYPE;
        int lastIndexOf = str.lastIndexOf(":");
        String formConnectionKey = formConnectionKey(lastIndexOf >= 0 ? str.substring(0, lastIndexOf) : str, i2, str3, formCoalescedQOP);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Setting SSL ExtendedSSLConnectionData object.");
        }
        connectionDataCarrier.setConnectionData(new ExtendedSSLConnectionData(formConnectionKey, 1, formCoalescedQOP, 0, cSIv2EffectivePerformPolicy));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "establishConnectionInfo", formConnectionKey);
        }
        return formConnectionKey;
    }

    @Override // com.ibm.ws.orb.transport.DefaultConnectionInterceptor, com.ibm.ws.orb.transport.ConnectionInterceptor
    public SSLConnectionData getSSLConfigurationParameters(String str, long j, short s, int i) {
        return new ExtendedSSLConnectionData(str, j, s, i, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getHostfromProfile(Profile profile) {
        String str;
        try {
            str = profile.getHostIPAddress();
            if (str != null) {
                if (str.trim().length() == 0) {
                    str = null;
                }
            }
        } catch (Throwable th) {
            Manager.Ffdc.log(th, SecurityConnectionInterceptor.class, "com.ibm.ISecurityLocalObjectBaseL13Impl.SecurityConnectionInterceptor.getHostfromProfile", "2769");
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Could not resolve host, ignore if HTTP Tunneling is enabled", new Object[]{th});
            }
            str = null;
        }
        if (str == null) {
            str = profile.getHost();
        }
        return str;
    }

    String getRemoteHostfromProfile(Profile profile) {
        String hostfromProfile;
        String str = null;
        if (this.orb != null) {
            str = this.orb.getProperty("com.ibm.CORBA.ForceTunnel");
        }
        if (C.LDAP_DEREF_ALIASES_ALWAYS.equalsIgnoreCase(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "com.ibm.CORBA.ForceTunnel is set to true, skip invoking getHostIPAddress method.");
            }
            hostfromProfile = profile.getHost();
        } else {
            hostfromProfile = getHostfromProfile(profile);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Target Hostname: " + hostfromProfile);
        }
        return hostfromProfile;
    }

    private String getClassName(IOR ior) {
        Object IORToObject;
        String str = "<unknown>";
        if (ior != null) {
            String stringify = ior.stringify();
            str = (String) classNames.get(stringify);
            if (str == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Getting class name from IOR.");
                }
                if (ior != null && !ior.isBootstrap() && (IORToObject = this.orb.IORToObject(ior)) != null) {
                    str = IORToObject.getClass().getName();
                }
                if (str != null) {
                    classNames.put(stringify, str);
                    if (classNames.size() > 100) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Clearing className hashtable (size > 100).");
                        }
                        classNames.clear();
                    }
                } else {
                    str = "<unknown>";
                }
            }
        }
        return str;
    }

    static {
        prefer_iiop_to_local = false;
        isThinClient = false;
        if (PlatformHelperFactory.getPlatformHelper().isZOS()) {
            isThinClient = Boolean.getBoolean("com.ibm.websphere.thinclient");
            if (isThinClient) {
                prefer_iiop_to_local = true;
            } else {
                prefer_iiop_to_local = JAVAtoCPPUtilities.getNativeBooleanVariable("private_bboc_prefer_iiop_to_local", false);
            }
        }
    }
}
