package com.ibm.ISecurityLocalObjectBaseL13Impl;

import com.ibm.CORBA.iiop.ORB;
import com.ibm.IExtendedSecurity.InvalidAdditionalCriteria;
import com.ibm.IExtendedSecurity.MechanismTypeNotRegistered;
import com.ibm.IExtendedSecurity.PrincipalSecurityInfo;
import com.ibm.IExtendedSecurity.RealmNotRegistered;
import com.ibm.IExtendedSecurity.UnknownMapping;
import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityL13SupportImpl.SecurityUIDGenerator;
import com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsPackage.CredentialsNotSet;
import com.ibm.ISecurityUtilityImpl.AuthenticationTarget;
import com.ibm.ISecurityUtilityImpl.CredentialsHelper;
import com.ibm.ISecurityUtilityImpl.KeyFileEntry;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ISecurityUtilityImpl.SecurityAttributeList;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ISecurityUtilityImpl.SecurityProtocol;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import java.util.Date;
import java.util.Hashtable;
import org.omg.CORBA.Any;
import org.omg.CORBA.BAD_OPERATION;
import org.omg.CORBA.INTERNAL;
import org.omg.CORBA.IntHolder;
import org.omg.CORBA.NO_IMPLEMENT;
import org.omg.CORBA.Object;
import org.omg.CORBA.StringHolder;
import org.omg.Security.Attribute;
import org.omg.Security.AttributeType;
import org.omg.Security.AuthenticationStatus;
import org.omg.Security.CommunicationDirection;
import org.omg.Security.DuplicateAttributeType;
import org.omg.Security.DuplicateSecurityFeature;
import org.omg.Security.ExtensibleFamily;
import org.omg.Security.InvalidAttributeType;
import org.omg.Security.InvalidAttributeTypeReason;
import org.omg.Security.InvalidCommDirection;
import org.omg.Security.InvalidEnumTypeReason;
import org.omg.Security.InvalidSecurityFeature;
import org.omg.Security.OpaqueHolder;
import org.omg.Security.SecurityFeature;
import org.omg.Security.SecurityFeatureValue;
import org.omg.SecurityLevel2.Credentials;
import org.omg.SecurityLevel2.CredentialsHolder;
import org.omg.SecurityLevel2.InvalidCredential;
import org.omg.SecurityLevel2.LoginFailed;
import org.omg.SecurityLevel2.PrincipalAuthenticator;

/* loaded from: input_file:lib/sas.jar:com/ibm/ISecurityLocalObjectBaseL13Impl/CredentialsImpl.class */
public abstract class CredentialsImpl extends com.ibm.IExtendedSecurityImpl.CredentialsImpl implements Runnable {
    protected static final short ibm_family_definer = 8;
    protected static final short ibm_family = 2;
    protected static final short omg_family_definer = 0;
    protected static final short omg_family = 1;
    protected static final int omg_attribute_count = 5;
    protected static final int ibm_attribute_count = 1;
    protected static final int max_attribute_count = 6;
    protected static final int max_feature_count = 10;
    protected boolean _isForwardable;
    protected String _Oid;
    protected String _Public;
    protected String _UniqueSecurityName;
    protected String _AccessId;
    protected String _PrimaryGroupId;
    protected String[] _GroupIds;
    protected String[] _Roles;
    protected String _HostName;
    protected byte[] _CredentialToken;
    protected String _IdentityType;
    protected byte[] _IdentityValue;
    protected long _expiration;
    protected long _cache_expiration;
    protected boolean _credsExpired;
    protected boolean _credsInvalid;
    protected boolean _credsRejected;
    protected boolean _credsUnauthenticated;
    protected boolean _credsIsDummy;
    protected boolean _credsIsServer;
    protected String _uniqueID;
    protected Object _object;
    protected CredentialsImpl _mappedCreds;
    protected int _mappedCredType;
    protected String _mappedCredTypeString;
    protected String _mappedCredRealmString;
    protected int _authTargetType;
    protected String _authTargetTypeString;
    protected String _authTargetRealmString;
    protected VaultImpl _vault;
    protected ORB _orb;
    protected SecurityConfiguration _config;
    protected CurrentImpl _current;
    protected Hashtable _table;
    protected WSCredential _wsCred;
    protected static final IntHolder expiry_time_now = new IntHolder(0);
    protected static int _configAuthTargetType = 0;
    protected static String _configAuthTargetTypeString = "unknown";
    protected static boolean _atSecurityEnabled = false;
    protected static boolean _baSecurityEnabled = false;
    protected static boolean[] _securityEnabled = {false};
    protected static boolean[] _refreshServerCred = {false};

    /* JADX INFO: Access modifiers changed from: protected */
    public CredentialsImpl() {
        this._isForwardable = true;
        this._Oid = null;
        this._Public = null;
        this._UniqueSecurityName = null;
        this._AccessId = null;
        this._PrimaryGroupId = null;
        this._GroupIds = null;
        this._Roles = null;
        this._HostName = null;
        this._CredentialToken = null;
        this._IdentityType = null;
        this._IdentityValue = null;
        this._expiration = 1L;
        this._cache_expiration = 1L;
        this._credsExpired = false;
        this._credsInvalid = false;
        this._credsRejected = false;
        this._credsUnauthenticated = false;
        this._credsIsDummy = false;
        this._credsIsServer = false;
        this._uniqueID = null;
        this._object = null;
        this._mappedCreds = null;
        this._mappedCredType = 0;
        this._mappedCredTypeString = "unknown";
        this._mappedCredRealmString = "";
        this._authTargetType = 0;
        this._authTargetTypeString = "unknown";
        this._authTargetRealmString = "";
        this._vault = null;
        this._orb = null;
        this._config = null;
        this._current = null;
        this._table = new Hashtable(32);
        this._wsCred = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CredentialsImpl(VaultImpl vaultImpl) {
        this._isForwardable = true;
        this._Oid = null;
        this._Public = null;
        this._UniqueSecurityName = null;
        this._AccessId = null;
        this._PrimaryGroupId = null;
        this._GroupIds = null;
        this._Roles = null;
        this._HostName = null;
        this._CredentialToken = null;
        this._IdentityType = null;
        this._IdentityValue = null;
        this._expiration = 1L;
        this._cache_expiration = 1L;
        this._credsExpired = false;
        this._credsInvalid = false;
        this._credsRejected = false;
        this._credsUnauthenticated = false;
        this._credsIsDummy = false;
        this._credsIsServer = false;
        this._uniqueID = null;
        this._object = null;
        this._mappedCreds = null;
        this._mappedCredType = 0;
        this._mappedCredTypeString = "unknown";
        this._mappedCredRealmString = "";
        this._authTargetType = 0;
        this._authTargetTypeString = "unknown";
        this._authTargetRealmString = "";
        this._vault = null;
        this._orb = null;
        this._config = null;
        this._current = null;
        this._table = new Hashtable(32);
        this._wsCred = null;
        if (vaultImpl == null) {
            SecurityLogger.logError("security.JSAS0010E", new Object[]{"CredentialsImpl.constructor(vault)"});
            invalidate();
            return;
        }
        this._vault = vaultImpl;
        this._orb = this._vault.getORB();
        this._config = VaultImpl.getSecurityConfiguration();
        this._current = current();
        long j = this._config.getrequestCredsExpiration();
        this._cache_expiration = System.currentTimeMillis() + (this._config.getsecurityCacheTimeout() * 1000);
        if (j == 0) {
            this._expiration = 0L;
        } else {
            this._expiration = new Date().getTime() + j;
        }
        if (_configAuthTargetType == 0) {
            _configAuthTargetType = this._config.getauthenticationTarget();
            _configAuthTargetTypeString = (String) AuthenticationTarget.strings.get(new Integer(_configAuthTargetType));
        }
    }

    @Override // com.ibm.IExtendedSecurityImpl.CredentialsImpl, com.ibm.IExtendedSecurity._CredentialsImplBase, org.omg.SecurityLevel2.CredentialsOperations
    public Credentials copy() {
        throw new NO_IMPLEMENT();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Credentials copy(CredentialsImpl credentialsImpl) {
        if (this._credsUnauthenticated && SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CredentialsImpl.copy", "Copying unauthenticated credentials.");
        }
        if (this._credsInvalid) {
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.copy"});
            credentialsImpl.invalidate();
            return credentialsImpl;
        }
        credentialsImpl._isForwardable = this._isForwardable;
        credentialsImpl._Oid = this._Oid;
        credentialsImpl._Public = this._Public;
        credentialsImpl._UniqueSecurityName = this._UniqueSecurityName;
        credentialsImpl._AccessId = this._AccessId;
        credentialsImpl._PrimaryGroupId = this._PrimaryGroupId;
        credentialsImpl._GroupIds = this._GroupIds;
        credentialsImpl._Roles = this._Roles;
        credentialsImpl._HostName = this._HostName;
        credentialsImpl._CredentialToken = this._CredentialToken;
        credentialsImpl._expiration = this._expiration;
        credentialsImpl._credsExpired = this._credsExpired;
        credentialsImpl._credsInvalid = this._credsInvalid;
        credentialsImpl._credsRejected = this._credsRejected;
        credentialsImpl._credsUnauthenticated = this._credsUnauthenticated;
        credentialsImpl._credsIsDummy = this._credsIsDummy;
        credentialsImpl._credsIsServer = this._credsIsServer;
        credentialsImpl._uniqueID = this._uniqueID;
        credentialsImpl._mappedCreds = this._mappedCreds;
        credentialsImpl._mappedCredType = this._mappedCredType;
        credentialsImpl._mappedCredTypeString = this._mappedCredTypeString;
        credentialsImpl._mappedCredRealmString = this._mappedCredRealmString;
        credentialsImpl._authTargetType = this._authTargetType;
        credentialsImpl._authTargetTypeString = this._authTargetTypeString;
        credentialsImpl._authTargetRealmString = this._authTargetRealmString;
        credentialsImpl._IdentityType = this._IdentityType;
        credentialsImpl._IdentityValue = this._IdentityValue;
        return credentialsImpl;
    }

    public Credentials copyUnique() {
        return (CredentialsImpl) copy();
    }

    protected CurrentImpl current() {
        return this._vault.getCurrent();
    }

    public void destroy() {
        invalidate();
        CurrentImpl current = this._vault.getCurrent();
        try {
            this._vault.delete_default_credentials(this);
            this._vault.deleteEstablishedCredentials(this);
            if (current != null) {
                current.removeCredFromThreadTable(this);
            }
        } catch (InvalidCredential e) {
            FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.destroy", "547", (Object) this);
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.destroy", e});
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void enableSecurity(int i) {
        if (!this._credsUnauthenticated) {
            this._vault.enableSecurityForCredentials(i);
        } else if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CredentialsImpl.enableSecurity", "Cannot enable security with an unauthenticated cred.");
        }
    }

    @Override // com.ibm.IExtendedSecurityImpl.CredentialsImpl, com.ibm.IExtendedSecurity._CredentialsImplBase, org.omg.SecurityLevel2.CredentialsOperations
    public Attribute[] get_attributes(AttributeType[] attributeTypeArr) throws InvalidAttributeType, DuplicateAttributeType {
        short s;
        short s2;
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        boolean z6 = false;
        boolean z7 = false;
        boolean z8 = false;
        try {
        } catch (InvalidCredential e) {
            FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.get_attributes", "622", (Object) this);
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.get_attributes", e});
        }
        if (!is_valid(expiry_time_now)) {
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.get_attributes"});
            return null;
        }
        if (attributeTypeArr == null) {
            SecurityLogger.logError("security.JSAS0350E", new Object[]{"CredentialsImpl.get_attributes"});
            return null;
        }
        int length = attributeTypeArr.length;
        Attribute[] attributeArr = new Attribute[length];
        for (int i = 0; i < length; i++) {
            if (attributeTypeArr[i] == null || attributeTypeArr[i].attribute_family == null) {
                SecurityLogger.logError("security.JSAS0350E", new Object[]{"CredentialsImpl.get_attributes"});
                throw new InvalidAttributeType(InvalidAttributeTypeReason.InvalidType, attributeTypeArr[i]);
            }
            if (attributeTypeArr[i].attribute_family.family_definer == 0 && attributeTypeArr[i].attribute_family.family == 1) {
                s = 0;
                s2 = 1;
            } else {
                if (attributeTypeArr[i].attribute_family.family_definer != 8 || attributeTypeArr[i].attribute_family.family != 2) {
                    SecurityLogger.logError("security.JSAS0350E", new Object[]{"CredentialsImpl.get_attributes"});
                    throw new InvalidAttributeType(InvalidAttributeTypeReason.InvalidType, attributeTypeArr[i]);
                }
                s = 8;
                s2 = 2;
            }
            attributeArr[i] = new Attribute();
            attributeArr[i].attribute_type = new AttributeType();
            attributeArr[i].attribute_type.attribute_family = new ExtensibleFamily(s, s2);
            if (s == 0) {
                switch (attributeTypeArr[i].attribute_type) {
                    case 1:
                        if (z) {
                            z7 = true;
                            break;
                        } else {
                            z = true;
                            attributeArr[i].attribute_type.attribute_type = 1;
                            attributeArr[i].value = StringBytesConversion.getConvertedBytes(this._Public);
                            break;
                        }
                    case 2:
                        if (z2) {
                            z7 = true;
                            break;
                        } else {
                            z2 = true;
                            attributeArr[i].attribute_type.attribute_type = 2;
                            attributeArr[i].value = StringBytesConversion.getConvertedBytes(this._AccessId);
                            break;
                        }
                    case 3:
                        if (z3) {
                            z7 = true;
                            break;
                        } else {
                            z3 = true;
                            attributeArr[i].attribute_type.attribute_type = 3;
                            attributeArr[i].value = StringBytesConversion.getConvertedBytes(this._PrimaryGroupId);
                            break;
                        }
                    case 4:
                        if (z4) {
                            z7 = true;
                            break;
                        } else {
                            z4 = true;
                            attributeArr[i].attribute_type.attribute_type = 4;
                            attributeArr[i].value = SecurityAttributeList.getAttributeByteArray(this._GroupIds);
                            break;
                        }
                    case 5:
                        if (z5) {
                            z7 = true;
                            break;
                        } else {
                            z5 = true;
                            attributeArr[i].attribute_type.attribute_type = 5;
                            attributeArr[i].value = SecurityAttributeList.getAttributeByteArray(this._Roles);
                            break;
                        }
                    default:
                        z8 = true;
                        break;
                }
            } else {
                switch (attributeTypeArr[i].attribute_type) {
                    case 2:
                        if (z6) {
                            z7 = true;
                            break;
                        } else {
                            z6 = true;
                            attributeArr[i].attribute_type.attribute_type = 2;
                            attributeArr[i].value = StringBytesConversion.getConvertedBytes(this._HostName);
                            break;
                        }
                    default:
                        z8 = true;
                        break;
                }
            }
            if (z8) {
                SecurityLogger.logError("security.JSAS0350E", new Object[]{"CredentialsImpl.get_attributes"});
                throw new InvalidAttributeType(InvalidAttributeTypeReason.InvalidType, attributeTypeArr[i]);
            }
            if (z7) {
                SecurityLogger.logError("security.JSAS0350E", new Object[]{"CredentialsImpl.get_attributes"});
                throw new DuplicateAttributeType(attributeTypeArr[i]);
            }
        }
        return attributeArr;
    }

    public void get_credential_token(StringHolder stringHolder, OpaqueHolder opaqueHolder) throws CredentialsNotSet {
        throw new NO_IMPLEMENT();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    public void get_credential_token(StringHolder stringHolder, OpaqueHolder opaqueHolder, CredentialsNotSet credentialsNotSet) throws CredentialsNotSet {
        if (this._credsUnauthenticated) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsImpl.get_credential_token", "Credentials are unauthenticated. No token is available.");
            }
            stringHolder.value = this._Public;
            opaqueHolder.value = null;
            return;
        }
        try {
        } catch (InvalidCredential e) {
            FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.get_credential_token", "849", (Object) this);
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.get_credential_token"});
        }
        if (is_valid(expiry_time_now)) {
            stringHolder.value = this._Public;
            opaqueHolder.value = this._CredentialToken;
        } else {
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.get_credential_token"});
            stringHolder.value = null;
            opaqueHolder.value = null;
            throw credentialsNotSet;
        }
    }

    public long getExpiration() {
        return this._expiration;
    }

    public void setExpiration(long j) {
        this._expiration = j;
    }

    public WSCredential getWSCredential() {
        return this._wsCred;
    }

    public void setWSCredential(WSCredential wSCredential) {
        this._wsCred = wSCredential;
    }

    @Override // com.ibm.IExtendedSecurityImpl.CredentialsImpl, com.ibm.IExtendedSecurity._CredentialsImplBase, com.ibm.IExtendedSecurity.CredentialsOperations
    public Credentials get_mapped_credentials(String str, String str2, Any any) throws MechanismTypeNotRegistered, RealmNotRegistered, InvalidAdditionalCriteria, UnknownMapping {
        throw new NO_IMPLEMENT();
    }

    public Credentials get_mapped_credentials(String str, String str2, Any any, boolean z, boolean z2, boolean z3) throws MechanismTypeNotRegistered, RealmNotRegistered, InvalidAdditionalCriteria, UnknownMapping {
        int i;
        String str3;
        String str4;
        String str5;
        String str6;
        Credentials credentials;
        if (this._credsUnauthenticated) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", "No mapped credentials are available for unauthenticated credentials.");
            }
            this._mappedCreds = null;
            return null;
        }
        try {
        } catch (InvalidCredential e) {
            FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.get_mapped_credentials", "930", (Object) this);
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.get_mapped_credentials", e});
        }
        if (!is_valid(expiry_time_now)) {
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.get_mapped_credentials"});
            this._mappedCreds = null;
            return null;
        }
        if (str != null) {
            str = str.trim();
        }
        if (str == null || str.length() == 0) {
            i = _configAuthTargetType;
            str3 = _configAuthTargetTypeString;
        } else if (str.equalsIgnoreCase(AuthenticationTarget.BasicAuthString)) {
            i = 4;
            str3 = AuthenticationTarget.BasicAuthString;
        } else if (str.equalsIgnoreCase("localos")) {
            i = 2;
            str3 = "localos";
        } else if (str.equalsIgnoreCase(AuthenticationTarget.LTPAString)) {
            i = 1;
            str3 = AuthenticationTarget.LTPAString;
        } else if (str.equalsIgnoreCase(AuthenticationTarget.CustomString)) {
            i = 8;
            str3 = AuthenticationTarget.CustomString;
        } else if (str.equalsIgnoreCase(AuthenticationTarget.KRB5String)) {
            i = 6;
            str3 = AuthenticationTarget.KRB5String;
        } else {
            if (!str.equalsIgnoreCase("unknown")) {
                SecurityLogger.logError("security.JSAS0473E", new Object[]{"CredentialsImpl.get_mapped_credentials"});
                throw new MechanismTypeNotRegistered();
            }
            i = 0;
            str3 = "unknown";
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", new StringBuffer().append("Authentication type is ").append(str3).append(".").toString());
        }
        if (str2 == null) {
            str4 = this._authTargetRealmString;
            str5 = "";
            str6 = "NULL";
        } else {
            str2 = str2.trim();
            if (str2.length() == 0) {
                str4 = this._authTargetRealmString;
                str5 = "";
                str6 = "\"\"";
            } else {
                str4 = str2;
                str5 = str2;
                str6 = str2;
            }
        }
        if (i == this._authTargetType && realmsMatch(str5, this._authTargetRealmString)) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", "Realm and mechanism type match the request.");
            }
            return this;
        }
        if (this._mappedCreds != null && i == this._mappedCredType && realmsMatch(str5, this._mappedCredRealmString)) {
            try {
            } catch (InvalidCredential e2) {
                FFDCFilter.processException((Throwable) e2, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.get_mapped_credentials", "1057", (Object) this);
                SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.get_mapped_credentials", e2});
            }
            if (this._mappedCreds.is_valid(expiry_time_now)) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", "Returning mapped creds.");
                }
                return this._mappedCreds;
            }
            this._mappedCreds = null;
        }
        String securityName = RealmSecurityName.getSecurityName(this._Public);
        CredentialsImpl credentialsImpl = null;
        if (z) {
            credentialsImpl = (CredentialsImpl) this._vault.getEstablishedCreds(securityName, str4, str3);
        }
        if (credentialsImpl != null) {
            try {
                if (credentialsImpl.is_valid(expiry_time_now)) {
                    this._mappedCreds = credentialsImpl;
                    this._mappedCredType = i;
                    this._mappedCredTypeString = str3;
                    this._mappedCredRealmString = str4;
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", "Returning mapped creds from established creds list.");
                    }
                    return credentialsImpl;
                }
            } catch (InvalidCredential e3) {
                FFDCFilter.processException((Throwable) e3, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.get_mapped_credentials", "1093", (Object) this);
                SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.get_mapped_credentials", e3});
            }
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", new StringBuffer().append("Valid mapped credentials do not exist, attempting to form new ").append(str3).append(" credentials for ").append(str6).append("/").append(securityName).append(".").toString());
        }
        LoginHelperImpl loginHelperImpl = (LoginHelperImpl) current().login_helper();
        if (loginHelperImpl == null) {
            SecurityLogger.logError("security.JSAS0020E", new Object[]{"CredentialsImpl.get_mapped_credentials"});
            return null;
        }
        CredentialsHolder credentialsHolder = null;
        String str7 = null;
        boolean z4 = false;
        if (any != null) {
            try {
                z4 = any.extract_long() == -18;
            } catch (Exception e4) {
                FFDCFilter.processException(e4, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.get_mapped_credentials", "1137", this);
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", "Invalid additional criteria.");
                }
                z4 = false;
            }
        }
        if (!z4) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", new StringBuffer().append("_authTargetType: ").append(this._authTargetType).append(", mechanism_type: ").append(i).toString());
            }
            if (this._authTargetType == 4) {
                str7 = StringBytesConversion.getConvertedString(this._CredentialToken);
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", new StringBuffer().append("Got password from credential: ").append(SecurityConfiguration.mask(str7)).toString());
                }
            }
        } else {
            if (!isServer()) {
                if (!SecurityLogger.debugTraceEnabled) {
                    return null;
                }
                SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", "No multi-realm mapping will be performed for a client credential.");
                return null;
            }
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", new StringBuffer().append("Using key file to map server credential for realm: ").append(str2).toString());
            }
            try {
                if (this._config.getkeyFileName() == null || this._config.getkeyFileName().length() <= 0) {
                    SecurityLogger.logError("security.JSAS0480E", new Object[]{"CredentialsImpl.get_mapped_credentials"});
                    return null;
                }
                KeyFileEntry find = loginHelperImpl.getKeyFileObject().find(str2, securityName);
                if (find == null) {
                    SecurityLogger.logError("security.JSAS0480E", new Object[]{"CredentialsImpl.get_mapped_credentials"});
                    return null;
                }
                securityName = find.getUserid();
                str7 = find.getPassword();
            } catch (BAD_OPERATION e5) {
                FFDCFilter.processException((Throwable) e5, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.get_mapped_credentials", "1193", (Object) this);
                SecurityLogger.logError("security.JSAS0480E", new Object[]{"CredentialsImpl.get_mapped_credentials", e5});
                return null;
            }
        }
        try {
            int i2 = 2;
            if (this._config.getProtocol().equals(SecurityProtocol.IBMString)) {
                i2 = 1;
            }
            PrincipalAuthenticator principalAuthenticator = this._vault.getMechanismFactory().getPrincipalAuthenticator(this._config.getauthenticationTarget(), i2);
            CredentialsHolder credentialsHolder2 = new CredentialsHolder();
            AuthenticationStatus authenticationStatus = null;
            try {
                try {
                    authenticationStatus = principalAuthenticator.authenticate(0, securityName, StringBytesConversion.getConvertedBytes(str7), null, credentialsHolder2, new OpaqueHolder(), new OpaqueHolder());
                } catch (LoginFailed e6) {
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", "LoginFailed exception occurred in principal authenticator.");
                        SecurityLogger.logException("CredentialsImpl.get_mapped_credentials", e6, 0, 0);
                    }
                    FFDCFilter.processException((Throwable) e6, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.get_mapped_credentials", "1292", (Object) this);
                }
            } catch (Exception e7) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", "Generic exception occurred in principal authenticator.");
                    SecurityLogger.logException("CredentialsImpl.get_mapped_credentials", e7, 0, 0);
                }
                FFDCFilter.processException(e7, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.get_mapped_credentials", "1297", this);
            }
            if (authenticationStatus == AuthenticationStatus.SecAuthSuccess) {
                credentials = credentialsHolder2.value;
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", "Authentication success");
                }
            } else {
                credentials = null;
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", "Authentication Failed");
                }
            }
            if (z3) {
                try {
                    this._current.set_invocation_credentials(credentialsHolder.value);
                } catch (InvalidCredential e8) {
                    FFDCFilter.processException((Throwable) e8, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.get_mapped_credentials", "1276", (Object) this);
                    SecurityLogger.logError("security.JSAS0054E", new Object[]{"CredentialsImpl.get_mapped_credentials", e8});
                    credentials = null;
                }
            }
            if (z2 && (credentials instanceof com.ibm.ISecurityLocalObjectBasicAuthImpl.CredentialsImpl)) {
                try {
                    this._vault.add_default_credentials(credentials);
                } catch (InvalidCredential e9) {
                    FFDCFilter.processException((Throwable) e9, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.get_mapped_credentials", "1293", (Object) this);
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", new StringBuffer().append("Error adding credentials to default credentials list. Reason: ").append(e9.toString()).toString());
                        SecurityLogger.traceException("CredentialsImpl.get_mapped_credentials", (Exception) e9, 0, 0);
                    }
                    credentials = null;
                }
            }
            try {
                this._vault.addEstablishedCredentials(credentials);
            } catch (InvalidCredential e10) {
                FFDCFilter.processException((Throwable) e10, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.get_mapped_credentials", "1310", (Object) this);
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", new StringBuffer().append("Error adding credentials to established credentials list. Reason: ").append(e10.toString()).toString());
                    SecurityLogger.traceException("CredentialsImpl.get_mapped_credentials", (Exception) e10, 0, 0);
                }
                credentials = null;
            }
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsImpl.get_mapped_credentials", new StringBuffer().append("Login successful for user: ").append(securityName).append(", Mechanism OID: ").append(((CredentialsImpl) credentials).getOID()).toString());
            }
        } catch (Exception e11) {
            FFDCFilter.processException(e11, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.get_mapped_credentials", "1329", this);
            SecurityLogger.logError("security.JSAS0240E", new Object[]{"CredentialsImpl.get_mapped_credentials", e11});
            credentials = null;
        }
        if (credentials != null) {
            this._mappedCreds = (CredentialsImpl) credentials;
            this._mappedCredType = this._mappedCreds._authTargetType;
            this._mappedCredTypeString = this._mappedCreds._authTargetTypeString;
            this._mappedCredRealmString = RealmSecurityName.getRealm(this._mappedCreds._Public);
        } else {
            SecurityLogger.logError("security.JSAS0240E", new Object[]{"CredentialsImpl.get_mapped_credentials"});
        }
        return credentials;
    }

    public Credentials get_mapped_creds(String str, String str2, Any any, boolean z, boolean z2, boolean z3) throws LoginFailed, MechanismTypeNotRegistered, RealmNotRegistered, InvalidAdditionalCriteria, UnknownMapping {
        Credentials credentials = get_mapped_credentials(str, str2, any, z, z2, z3);
        if (credentials == null) {
            throw new LoginFailed();
        }
        return credentials;
    }

    @Override // com.ibm.IExtendedSecurityImpl.CredentialsImpl, com.ibm.IExtendedSecurity._CredentialsImplBase, com.ibm.IExtendedSecurity.CredentialsOperations
    public PrincipalSecurityInfo get_mapped_security_info(String str, String str2, Any any) throws MechanismTypeNotRegistered, RealmNotRegistered, InvalidAdditionalCriteria {
        throw new NO_IMPLEMENT();
    }

    @Override // com.ibm.IExtendedSecurityImpl.CredentialsImpl, com.ibm.IExtendedSecurity._CredentialsImplBase, org.omg.SecurityLevel2.CredentialsOperations
    public SecurityFeatureValue[] get_security_features(CommunicationDirection communicationDirection) throws InvalidCommDirection {
        if (this._credsUnauthenticated) {
            if (!SecurityLogger.debugTraceEnabled) {
                return null;
            }
            SecurityLogger.debugMessage("CredentialsImpl.get_security_features", "No security features defined for unauthenticated credentials.");
            return null;
        }
        if (communicationDirection.value() != 0) {
            SecurityLogger.logError("security.JSAS0340E", new Object[]{"CredentialsImpl.get_security_features"});
            throw new InvalidCommDirection(InvalidEnumTypeReason.NotSupported, communicationDirection);
        }
        try {
        } catch (InvalidCredential e) {
            FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.get_security_features", "1438", (Object) this);
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.get_security_features", e});
        }
        if (!is_valid(expiry_time_now)) {
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.get_security_features"});
            return null;
        }
        SecurityFeatureValue[] securityFeatureValueArr = new SecurityFeatureValue[10];
        securityFeatureValueArr[0] = new SecurityFeatureValue(SecurityFeature.SecNoDelegation, false);
        securityFeatureValueArr[1] = new SecurityFeatureValue(SecurityFeature.SecSimpleDelegation, true);
        securityFeatureValueArr[2] = new SecurityFeatureValue(SecurityFeature.SecCompositeDelegation, false);
        securityFeatureValueArr[3] = new SecurityFeatureValue(SecurityFeature.SecNoProtection, false);
        securityFeatureValueArr[4] = new SecurityFeatureValue(SecurityFeature.SecIntegrity, this._config.claimMessageIntegrityRequired());
        securityFeatureValueArr[5] = new SecurityFeatureValue(SecurityFeature.SecConfidentiality, this._config.claimMessageConfidentialityRequired());
        securityFeatureValueArr[6] = new SecurityFeatureValue(SecurityFeature.SecIntegrityAndConfidentiality, this._config.claimMessageIntegrityRequired() && this._config.claimMessageConfidentialityRequired());
        securityFeatureValueArr[7] = new SecurityFeatureValue(SecurityFeature.SecDetectReplay, this._config.claimMessageReplayDetectionRequired());
        securityFeatureValueArr[8] = new SecurityFeatureValue(SecurityFeature.SecDetectMisordering, this._config.claimMessageOutOfSequenceDetectionRequired());
        securityFeatureValueArr[9] = new SecurityFeatureValue(SecurityFeature.SecEstablishTrustInTarget, this._config.claimServerAuthenticationRequired());
        return securityFeatureValueArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static int getCredentialTypeInt(Credentials credentials) {
        if (credentials == null) {
            return 0;
        }
        if (credentials instanceof com.ibm.ISecurityLocalObjectBasicAuthImpl.CredentialsImpl) {
            return 4;
        }
        if (credentials instanceof com.ibm.ISecurityLocalObjectLocalOSImpl.CredentialsImpl) {
            return 2;
        }
        if (credentials instanceof com.ibm.ISecurityLocalObjectLTPAImpl.CredentialsImpl) {
            return 1;
        }
        if (credentials instanceof com.ibm.ISecurityLocalObjectTokenBaseImpl.CredentialsImpl) {
            return ((com.ibm.ISecurityLocalObjectTokenBaseImpl.CredentialsImpl) credentials).getAuthType();
        }
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getCredentialTypeString(Credentials credentials) {
        return credentials == null ? "unknown" : credentials instanceof com.ibm.ISecurityLocalObjectBasicAuthImpl.CredentialsImpl ? AuthenticationTarget.BasicAuthString : credentials instanceof com.ibm.ISecurityLocalObjectLocalOSImpl.CredentialsImpl ? "localos" : credentials instanceof com.ibm.ISecurityLocalObjectLTPAImpl.CredentialsImpl ? AuthenticationTarget.LTPAString : credentials instanceof com.ibm.ISecurityLocalObjectTokenBaseImpl.CredentialsImpl ? ((com.ibm.ISecurityLocalObjectTokenBaseImpl.CredentialsImpl) credentials).getAuthTypeString() : "unknown";
    }

    public String getUniqueID() throws InvalidCredential {
        if (this._credsUnauthenticated) {
            if (!SecurityLogger.debugTraceEnabled) {
                return null;
            }
            SecurityLogger.debugMessage("CredentialsImpl.getUniqueID", "No unique id for unauthenticated credentials.");
            return null;
        }
        try {
        } catch (InvalidCredential e) {
            FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.getUniqueID", "1548", (Object) this);
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.getUniqueID", e});
        }
        if (!is_valid(expiry_time_now)) {
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.getUniqueID"});
            throw new InvalidCredential();
        }
        if (this._uniqueID == null || this._uniqueID.length() == 0) {
            this._uniqueID = SecurityUIDGenerator.createUID();
        }
        return this._uniqueID;
    }

    public String getIdentityType() throws InvalidCredential {
        if (this._credsUnauthenticated) {
            if (!SecurityLogger.debugTraceEnabled) {
                return null;
            }
            SecurityLogger.debugMessage("CredentialsImpl.getIdentityType", "No unique id for unauthenticated credentials.");
            return null;
        }
        try {
        } catch (InvalidCredential e) {
            FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.getIdentityType", "1592", (Object) this);
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.getIdentityType", e});
        }
        if (is_valid(expiry_time_now)) {
            return this._IdentityType;
        }
        SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.getIdentityType"});
        throw new InvalidCredential();
    }

    public byte[] getIdentityValue() throws InvalidCredential {
        if (this._credsUnauthenticated) {
            if (!SecurityLogger.debugTraceEnabled) {
                return null;
            }
            SecurityLogger.debugMessage("CredentialsImpl.getIdentityValue", "No unique id for unauthenticated credentials.");
            return null;
        }
        try {
        } catch (InvalidCredential e) {
            FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.getIdentityValue", "1635", (Object) this);
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.getIdentityValue", e});
        }
        if (is_valid(expiry_time_now)) {
            return this._IdentityValue;
        }
        SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.getIdentityValue"});
        throw new InvalidCredential();
    }

    public void initialize(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, String str2, String str3) throws InvalidAttributeType, DuplicateAttributeType, InvalidCredential {
        short s = 0;
        short s2 = 1;
        Attribute[] attributeArr = new Attribute[6];
        for (int i = 0; i < 6; i++) {
            if (i == 5) {
                s = 8;
                s2 = 2;
            }
            attributeArr[i] = new Attribute();
            attributeArr[i].attribute_type = new AttributeType();
            attributeArr[i].attribute_type.attribute_family = new ExtensibleFamily(s, s2);
        }
        attributeArr[0].attribute_type.attribute_type = 1;
        attributeArr[0].value = StringBytesConversion.getConvertedBytes(str);
        attributeArr[1].attribute_type.attribute_type = 2;
        attributeArr[1].value = bArr;
        attributeArr[2].attribute_type.attribute_type = 3;
        attributeArr[2].value = bArr2;
        attributeArr[3].attribute_type.attribute_type = 4;
        attributeArr[3].value = bArr3;
        attributeArr[4].attribute_type.attribute_type = 5;
        attributeArr[4].value = StringBytesConversion.getConvertedBytes(str2);
        attributeArr[5].attribute_type.attribute_type = 2;
        attributeArr[5].value = StringBytesConversion.getConvertedBytes(str3);
        try {
            set_attributes(attributeArr);
            try {
                this._vault.addEstablishedCredentials(this);
                setUniqueID(str);
            } catch (InvalidCredential e) {
                FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.initialize", "1723", (Object) this);
                SecurityLogger.logException("CredentialsImpl.constructor", e, 0, 0);
                throw e;
            }
        } catch (DuplicateAttributeType e2) {
            FFDCFilter.processException((Throwable) e2, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.initialize", "1710", (Object) this);
            SecurityLogger.logError("security.JSAS0355E", new Object[]{"CredentialsImpl.constructor", e2});
            throw e2;
        } catch (InvalidAttributeType e3) {
            FFDCFilter.processException((Throwable) e3, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.initialize", "1703", (Object) this);
            SecurityLogger.logError("security.JSAS0310E", new Object[]{"CredentialsImpl.constructor", e3});
            throw e3;
        }
    }

    @Override // com.ibm.IExtendedSecurityImpl.CredentialsImpl, com.ibm.IExtendedSecurity._CredentialsImplBase, com.ibm.IExtendedSecurity.CredentialsOperations
    public void invalidate() {
        if (VaultImpl.isServerCred(getCredentialTypeInt(this), this)) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsImpl.invalidate", "Attempted to invalidate server credentials.");
                return;
            }
            return;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CredentialsImpl.invalidate", "Invalidated client credentials.");
        }
        this._Public = null;
        this._UniqueSecurityName = null;
        this._AccessId = null;
        this._PrimaryGroupId = null;
        this._GroupIds = null;
        this._Roles = null;
        this._HostName = null;
        this._CredentialToken = null;
        this._expiration = 1L;
        this._credsExpired = true;
        this._credsInvalid = true;
        this._credsIsDummy = false;
        this._credsIsServer = false;
        this._uniqueID = null;
        this._mappedCreds = null;
        this._mappedCredType = 0;
        this._mappedCredTypeString = "unknown";
        this._mappedCredRealmString = "";
        this._authTargetType = 0;
        this._authTargetTypeString = "unknown";
        this._authTargetRealmString = "";
    }

    protected void invalidateByExpiration() {
        if (this._credsExpired) {
            return;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CredentialsImpl.invalidateByExpiration", new StringBuffer().append("The ").append(getCredentialTypeString(this)).append(" credentials for ").append(this._Public == null ? "NULL" : this._Public.length() == 0 ? "\"\"" : this._Public).append(" expired.").toString());
        }
        this._expiration = 1L;
        this._credsExpired = true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void invalidateByRejection() {
        if (this._credsRejected) {
            return;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CredentialsImpl.invalidateByRejection", new StringBuffer().append("The ").append(getCredentialTypeString(this)).append(" credentials for ").append(this._Public == null ? "NULL" : this._Public.length() == 0 ? "\"\"" : this._Public).append(" failed authentication.").toString());
        }
        invalidate();
        this._credsRejected = true;
    }

    public boolean is_cache_expiration_valid(IntHolder intHolder) {
        long j = intHolder.value;
        if (j < 0) {
            SecurityLogger.logError("security.JSAS0475E", new Object[]{"CredentialsImpl.is_valid"});
            return false;
        }
        long time = new Date().getTime();
        long j2 = this._cache_expiration - time;
        if (j < j2) {
            return true;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CredentialsImpl.is_valid", new StringBuffer().append("Current time: ").append(time).append(", credential expiration: ").append(this._expiration).append(", time remaining: ").append(j2).append(".").toString());
        }
        int credentialTypeInt = getCredentialTypeInt(this);
        String credentialTypeString = getCredentialTypeString(this);
        if (VaultImpl.getServerCred(credentialTypeInt) != null) {
            return VaultImpl.isServerCred(credentialTypeInt, this);
        }
        SecurityLogger.logError("security.JSAS0494E", new Object[]{"CredentialsImpl.is_valid", credentialTypeString});
        return true;
    }

    @Override // com.ibm.IExtendedSecurityImpl.CredentialsImpl, com.ibm.IExtendedSecurity._CredentialsImplBase, org.omg.SecurityLevel2.CredentialsOperations
    public boolean is_valid(IntHolder intHolder) throws InvalidCredential {
        long j = intHolder.value;
        if (j < 0) {
            SecurityLogger.logError("security.JSAS0475E", new Object[]{"CredentialsImpl.is_valid"});
            return false;
        }
        if (this._credsInvalid) {
            if (!SecurityLogger.debugTraceEnabled) {
                return false;
            }
            SecurityLogger.debugMessage("CredentialsImpl.is_valid", "Client credentials are invalid.  is_valid returning false.");
            return false;
        }
        this._cache_expiration = System.currentTimeMillis() + (this._config.getsecurityCacheTimeout() * 1000);
        if (this._expiration == 0) {
            return true;
        }
        long time = new Date().getTime();
        long j2 = this._expiration - time;
        if (j < j2) {
            return true;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CredentialsImpl.is_valid", new StringBuffer().append("Current time: ").append(time).append(", credential expiration: ").append(this._expiration).append(", time remaining: ").append(j2).append(".").toString());
        }
        int credentialTypeInt = getCredentialTypeInt(this);
        String credentialTypeString = getCredentialTypeString(this);
        CredentialsImpl serverCred = VaultImpl.getServerCred(credentialTypeInt);
        if (serverCred == null) {
            SecurityLogger.logError("security.JSAS0494E", new Object[]{"CredentialsImpl.is_valid", credentialTypeString});
            return true;
        }
        if (!VaultImpl.isServerCred(credentialTypeInt, this)) {
            if (j2 <= 0) {
                invalidateByExpiration();
            }
            if (!SecurityLogger.debugTraceEnabled) {
                return false;
            }
            SecurityLogger.debugMessage("CredentialsImpl.is_valid", "Client credentials are expired.  is_valid returning false.");
            return false;
        }
        if (serverCred._expiration < time + j) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsImpl.is_valid", "Refreshing server's credentials.");
            }
            refreshServerCred(serverCred);
        } else if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CredentialsImpl.is_valid", "Not refreshing server's credentials.");
        }
        this._CredentialToken = serverCred._CredentialToken;
        this._credsExpired = serverCred._credsExpired;
        this._expiration = serverCred._expiration;
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CredentialsImpl.is_valid", new StringBuffer().append("Updated the server's ").append(credentialTypeString).append(" credentials, new expiration == ").append(this._expiration).toString());
        }
        WSCredential wSCredential = serverCred.getWSCredential();
        if (wSCredential != null && (!wSCredential.isCurrent() || wSCredential.isDestroyed())) {
            serverCred.setWSCredential(null);
        }
        WSCredential wSCredential2 = getWSCredential();
        if (wSCredential2 == null) {
            return true;
        }
        if (wSCredential2.isCurrent() && !wSCredential2.isDestroyed()) {
            return true;
        }
        setWSCredential(null);
        return true;
    }

    public String getOID() {
        return this._Oid;
    }

    public void setOID(String str) {
        this._Oid = str;
    }

    public Object getObject() {
        return this._object;
    }

    public void setObject(Object obj) {
        this._object = obj;
    }

    public Object get(String str) {
        return this._table.get(str);
    }

    public Object set(String str, Object obj) {
        return this._table.put(str, obj);
    }

    public String[] getRoles() {
        return this._Roles;
    }

    public void setRoles(String[] strArr) {
        this._Roles = strArr;
    }

    public String[] getGroupIds() {
        return this._GroupIds;
    }

    public void setGroupIds(String[] strArr) {
        this._GroupIds = strArr;
    }

    public String getPrimaryGroupId() {
        return this._PrimaryGroupId;
    }

    public void setPrimaryGroupId(String str) {
        this._PrimaryGroupId = str;
    }

    public String getAccessId() {
        return this._AccessId;
    }

    public void setAccessId(String str) {
        this._AccessId = str;
    }

    public String getPublic() {
        return this._Public;
    }

    public void setPublic(String str) {
        this._Public = str;
    }

    public String getUniqueSecurityName() {
        return this._UniqueSecurityName;
    }

    public void setUniqueSecurityName(String str) {
        this._UniqueSecurityName = str;
    }

    public String getHostName() {
        return this._HostName;
    }

    public void setHostName(String str) {
        this._HostName = str;
    }

    public Hashtable getTable() {
        return (Hashtable) this._table.clone();
    }

    public void setTable(Hashtable hashtable) {
        this._table = (Hashtable) hashtable.clone();
    }

    public boolean isDummy() {
        return this._credsIsDummy;
    }

    public boolean isEquivalent(CredentialsImpl credentialsImpl) {
        return !this._credsInvalid && credentialsImpl != null && !credentialsImpl._credsInvalid && getClass().getName().equals(credentialsImpl.getClass().getName()) && this._Public.equals(credentialsImpl._Public) && this._AccessId.equals(credentialsImpl._AccessId) && this._HostName.equals(credentialsImpl._HostName);
    }

    public boolean equals(Object object) {
        return isEquivalent((CredentialsImpl) object);
    }

    public int hashCode() {
        String convertedString;
        String accessID = CredentialsHelper.getAccessID(this);
        if ((this instanceof com.ibm.ISecurityLocalObjectBasicAuthImpl.CredentialsImpl) && (convertedString = StringBytesConversion.getConvertedString(this._CredentialToken)) != null && convertedString.length() > 0) {
            accessID = new StringBuffer().append(accessID).append(convertedString).toString();
        }
        return accessID.hashCode();
    }

    public boolean isForwardable() {
        return this._isForwardable;
    }

    public void setForwardable(boolean z) {
        this._isForwardable = z;
    }

    public boolean isForwardable(String str) {
        return false;
    }

    public boolean isForwardable(String str, String str2) {
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isForwardable(String str, boolean z) {
        if (this._credsUnauthenticated) {
            if (!SecurityLogger.debugTraceEnabled) {
                return false;
            }
            SecurityLogger.debugMessage("CredentialsImpl.isForwardable", "Unauthenticated credentials are not forwardable.");
            return false;
        }
        try {
        } catch (InvalidCredential e) {
            FFDCFilter.processException((Throwable) e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.isForwardable", "2036", (Object) this);
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.isForwardable", e});
        }
        if (!is_valid(expiry_time_now)) {
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.isForwardable"});
            return false;
        }
        String realm = RealmSecurityName.getRealm(this._Public);
        String realm2 = RealmSecurityName.getRealm(str, null);
        boolean z2 = realm.length() == 0 || realm.equalsIgnoreCase(realm2) || (z && realm2.length() == 0);
        if (!z2 && SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CredentialsImpl.isForwardable", new StringBuffer().append("Target realm does not match current realm, target realm: ").append(realm2).append(", current realm: ").append(realm).append(".").toString());
        }
        return z2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isInvalidByExpiration() {
        return !this._credsInvalid && this._credsExpired;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isInvalidByRejection() {
        return this._credsRejected;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isSecurityEnabled(int i) {
        boolean z;
        synchronized (_securityEnabled) {
            if (!_securityEnabled[0]) {
                _securityEnabled[0] = VaultImpl.isSecurityEnabled(i);
            }
            z = _securityEnabled[0];
        }
        return z;
    }

    public boolean isServer() {
        return this._credsIsServer;
    }

    public boolean isUnauthenticated() {
        return this._credsUnauthenticated;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void markAsDummy() {
        this._credsIsDummy = true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void markAsServer() {
        if (this._config.getauthenticationTarget() != 4) {
            this._credsIsServer = true;
        }
    }

    public final void markAsUnauthenticated() {
        this._credsUnauthenticated = true;
    }

    protected boolean realmsMatch(String str, String str2) {
        if (str == null || str2 == null || str.length() == 0 || str2.length() == 0 || str.equals("localHost") || str2.equals("localHost") || str.equals("client-side-operation") || str2.equals("client-side-operation")) {
            return true;
        }
        return str.equals(str2);
    }

    @Override // com.ibm.IExtendedSecurityImpl.CredentialsImpl, com.ibm.IExtendedSecurity._CredentialsImplBase, org.omg.SecurityLevel2.CredentialsOperations
    public boolean refresh() throws InvalidCredential {
        if (this._credsUnauthenticated) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsImpl.refresh", "Cannot refresh unauthenticated credentials.");
            }
            throw new InvalidCredential();
        }
        if (!this._credsInvalid) {
            return false;
        }
        SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.refresh"});
        throw new InvalidCredential();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean refresh(int i) throws InvalidCredential {
        CredentialsImpl credentialsImpl;
        if (this._credsUnauthenticated) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsImpl.refresh", "Cannot refresh unauthenticated credential.");
            }
            throw new InvalidCredential();
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CredentialsImpl.refresh", new StringBuffer().append("The credential trying to refresh is serverCred: ").append(VaultImpl.isServerCred(i, this)).toString());
        }
        if (this._credsInvalid && !VaultImpl.isServerCred(i, this)) {
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.refresh"});
            throw new InvalidCredential();
        }
        this._mappedCreds = null;
        LoginHelperImpl loginHelperImpl = (LoginHelperImpl) current().login_helper();
        if (loginHelperImpl == null) {
            SecurityLogger.logError("security.JSAS0020E", new Object[]{"CredentialsImpl.refresh"});
            return false;
        }
        try {
            String str = this._Public;
            credentialsImpl = (CredentialsImpl) loginHelperImpl.request_login_controlled(RealmSecurityName.getSecurityName(str), RealmSecurityName.getRealm(str), null, null, null, false, i, false);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.refresh", "2294", this);
            SecurityLogger.logError("security.JSAS0240E", new Object[]{"CredentialsImpl.refresh", e});
            credentialsImpl = null;
        } catch (LoginFailed e2) {
            FFDCFilter.processException((Throwable) e2, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.refresh", "2287", (Object) this);
            SecurityLogger.logError("security.JSAS0240E", new Object[]{"CredentialsImpl.refresh", e2});
            credentialsImpl = null;
        }
        if (credentialsImpl == null) {
            SecurityLogger.logError("security.JSAS0240E", new Object[]{"CredentialsImpl.refresh"});
            return false;
        }
        boolean isEquivalent = isEquivalent(credentialsImpl);
        if (isEquivalent) {
            this._CredentialToken = credentialsImpl._CredentialToken;
            this._credsExpired = credentialsImpl._credsExpired;
            this._expiration = credentialsImpl._expiration;
        }
        return isEquivalent;
    }

    protected void refreshServerCred(CredentialsImpl credentialsImpl) {
        boolean z;
        String credentialTypeString = getCredentialTypeString(credentialsImpl);
        long time = new Date().getTime() + (this._config.getMinimumRequestCredsExpiration() * 1000);
        boolean z2 = false;
        synchronized (_refreshServerCred) {
            if (!_refreshServerCred[0]) {
                _refreshServerCred[0] = true;
                z2 = true;
            }
        }
        if (!z2) {
            this._credsExpired = false;
            this._expiration = time;
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsImpl.refreshServerCred", new StringBuffer().append("Reset the server's ").append(credentialTypeString).append(" credentials ... new expiration == ").append(this._expiration).toString());
                return;
            }
            return;
        }
        try {
            z = credentialsImpl.refresh(getCredentialTypeInt(credentialsImpl));
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.refreshServerCred", "2370", this);
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.refreshServerCred", e});
            z = false;
        } catch (InvalidCredential e2) {
            FFDCFilter.processException((Throwable) e2, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.refreshServerCred", "2363", (Object) this);
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.refreshServerCred", e2});
            z = false;
        }
        if (!z) {
            credentialsImpl._credsExpired = false;
            credentialsImpl._expiration = time;
            SecurityLogger.logError("security.JSAS1474W", new Object[]{"CredentialsImpl.refreshServerCred"});
        } else if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CredentialsImpl.refreshServerCred", new StringBuffer().append("Refreshed the server's ").append(credentialTypeString).append(" credentials ... new expiration == ").append(this._expiration).toString());
        }
        if (this != credentialsImpl) {
            this._CredentialToken = credentialsImpl._CredentialToken;
            this._credsExpired = credentialsImpl._credsExpired;
            this._expiration = credentialsImpl._expiration;
        }
        synchronized (_refreshServerCred) {
            _refreshServerCred[0] = false;
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        if (this._expiration == 0) {
            return;
        }
        String credentialTypeString = getCredentialTypeString(this);
        String str = this._Public;
        if (str == null || str.length() == 0) {
            SecurityLogger.logError("security.JSAS0495E", new Object[]{"CredentialsImpl.run"});
            throw new INTERNAL();
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CredentialsImpl.run", new StringBuffer().append("The server's ").append(credentialTypeString).append(" credentials are valid ... realm/name == ").append(str).append(".").toString());
        }
        long j = this._config.getsecurityCacheTimeout() * 800;
        long time = this._expiration - new Date().getTime();
        long requestTimeout = time - this._orb.getRequestTimeout();
        long minimumRequestCredsExpiration = this._config.getMinimumRequestCredsExpiration() * 800;
        long j2 = (time * 800) / 1000;
        if (minimumRequestCredsExpiration < j) {
            minimumRequestCredsExpiration = j;
        }
        if (minimumRequestCredsExpiration > requestTimeout) {
            j2 = (requestTimeout * 800) / 1000;
            SecurityLogger.logError("security.JSAS0496E", new Object[]{"CredentialsImpl.run", credentialTypeString});
        } else if (j2 < minimumRequestCredsExpiration) {
            j2 = minimumRequestCredsExpiration;
        } else if (j2 > requestTimeout) {
            j2 = requestTimeout;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CredentialsImpl.run", new StringBuffer().append("Refresh_timeout == ").append(j2).append(".").toString());
        }
        while (true) {
            try {
                Thread.sleep(j2);
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CredentialsImpl.run", "2500", this);
                SecurityLogger.logError("security.JSAS0479E", new Object[]{"CredentialsImpl.run", e});
            }
            refreshServerCred(this);
        }
    }

    public void set_attributes(Attribute[] attributeArr) throws InvalidAttributeType, DuplicateAttributeType {
        boolean z;
        if (this._credsUnauthenticated) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsImpl.set_attributes", "Cannot modify attributes for unauthenticated credentials.");
                return;
            }
            return;
        }
        if (this._credsInvalid) {
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.set_attributes"});
            return;
        }
        if (attributeArr == null) {
            SecurityLogger.logError("security.JSAS0360E", new Object[]{"CredentialsImpl.set_attributes"});
            return;
        }
        boolean z2 = false;
        boolean z3 = false;
        boolean z4 = false;
        boolean z5 = false;
        boolean z6 = false;
        boolean z7 = false;
        boolean z8 = false;
        boolean z9 = false;
        int i = -1;
        int length = attributeArr.length;
        for (int i2 = 0; i2 < length; i2++) {
            if (attributeArr[i2] == null) {
                SecurityLogger.logError("security.JSAS0380E", new Object[]{"CredentialsImpl.set_attributes"});
                z9 = true;
                i = i2;
            } else if (attributeArr[i2].attribute_type != null && attributeArr[i2].attribute_type.attribute_family != null) {
                if (attributeArr[i2].attribute_type.attribute_family.family_definer == 0 && attributeArr[i2].attribute_type.attribute_family.family == 1) {
                    z = false;
                } else if (attributeArr[i2].attribute_type.attribute_family.family_definer == 8 && attributeArr[i2].attribute_type.attribute_family.family == 2) {
                    z = 8;
                } else {
                    SecurityLogger.logError("security.JSAS0350E", new Object[]{"CredentialsImpl.set_attributes"});
                    z9 = true;
                    i = i2;
                }
                if (z) {
                    switch (attributeArr[i2].attribute_type.attribute_type) {
                        case 2:
                            if (z7) {
                                z8 = true;
                                i = i2;
                                break;
                            } else {
                                z7 = true;
                                this._HostName = StringBytesConversion.getConvertedString(attributeArr[i2].value);
                                break;
                            }
                        default:
                            z9 = true;
                            i = i2;
                            break;
                    }
                } else {
                    switch (attributeArr[i2].attribute_type.attribute_type) {
                        case 1:
                            if (z2) {
                                z8 = true;
                                i = i2;
                                break;
                            } else {
                                z2 = true;
                                String realmSecurityName = RealmSecurityName.getRealmSecurityName(StringBytesConversion.getConvertedString(attributeArr[i2].value));
                                this._Public = realmSecurityName;
                                this._authTargetRealmString = RealmSecurityName.getRealm(realmSecurityName);
                                break;
                            }
                        case 2:
                            if (z3) {
                                z8 = true;
                                i = i2;
                                break;
                            } else {
                                z3 = true;
                                this._AccessId = StringBytesConversion.getConvertedString(attributeArr[i2].value);
                                break;
                            }
                        case 3:
                            if (z4) {
                                z8 = true;
                                i = i2;
                                break;
                            } else {
                                z4 = true;
                                this._PrimaryGroupId = StringBytesConversion.getConvertedString(attributeArr[i2].value);
                                break;
                            }
                        case 4:
                            if (z5) {
                                z8 = true;
                                i = i2;
                                break;
                            } else {
                                z5 = true;
                                this._GroupIds = SecurityAttributeList.getAttributeStringArray(attributeArr[i2].value);
                                break;
                            }
                        case 5:
                            if (z6) {
                                z8 = true;
                                i = i2;
                                break;
                            } else {
                                z6 = true;
                                this._Roles = SecurityAttributeList.getAttributeStringArray(attributeArr[i2].value);
                                break;
                            }
                        default:
                            z9 = true;
                            i = i2;
                            break;
                    }
                }
            } else {
                SecurityLogger.logError("security.JSAS0370E", new Object[]{"CredentialsImpl.set_attributes"});
                z9 = true;
                i = i2;
            }
        }
        if (z9) {
            SecurityLogger.logError("security.JSAS0350E", new Object[]{"CredentialsImpl.set_attributes"});
            throw new InvalidAttributeType(InvalidAttributeTypeReason.InvalidType, attributeArr[i].attribute_type);
        }
        if (z8) {
            SecurityLogger.logError("security.JSAS0350E", new Object[]{"CredentialsImpl.set_attributes"});
            throw new DuplicateAttributeType(attributeArr[i].attribute_type);
        }
    }

    public void set_credential_token(String str, byte[] bArr, long j) throws CredentialsNotSet {
        throw new NO_IMPLEMENT();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    public void set_credential_token(String str, byte[] bArr, long j, CredentialsNotSet credentialsNotSet) throws CredentialsNotSet {
        if (this._credsUnauthenticated) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsImpl.set_credential_token", "Cannot modify credential token of unauthenticated credentials.");
            }
            throw credentialsNotSet;
        }
        if (this._credsInvalid) {
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.set_credential_token"});
            throw credentialsNotSet;
        }
        String realmSecurityName = RealmSecurityName.getRealmSecurityName(str);
        this._Public = realmSecurityName;
        this._authTargetRealmString = RealmSecurityName.getRealm(realmSecurityName);
        this._CredentialToken = bArr;
        if (j > new Date().getTime()) {
            this._credsExpired = false;
        }
        this._expiration = j;
        this._mappedCreds = null;
    }

    @Override // com.ibm.IExtendedSecurityImpl.CredentialsImpl, com.ibm.IExtendedSecurity._CredentialsImplBase, org.omg.SecurityLevel2.CredentialsOperations
    public void set_security_features(CommunicationDirection communicationDirection, SecurityFeatureValue[] securityFeatureValueArr) throws InvalidCommDirection, InvalidSecurityFeature, DuplicateSecurityFeature {
        throw new NO_IMPLEMENT();
    }

    public void setUniqueID(String str) {
        if (this._credsUnauthenticated) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsImpl.setUniqueID", "No unique ID will be set for unauthenticated credentials.");
            }
        } else if (this._credsInvalid) {
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.setUniqueID"});
        } else {
            this._uniqueID = str;
        }
    }

    public void setAttributForIdentityAssertion(String str, byte[] bArr) {
        if (this._credsUnauthenticated) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CredentialsImpl.setAttributeForIdentityAssertion", "No unique ID will be set for unauthenticated credentials.");
            }
        } else if (this._credsInvalid) {
            SecurityLogger.logError("security.JSAS0435E", new Object[]{"CredentialsImpl.setAttributeForIdentityAssertion"});
        } else {
            this._IdentityType = str;
            this._IdentityValue = bArr;
        }
    }

    public WSCredential mapCorbaToWS() {
        throw new NO_IMPLEMENT();
    }

    public Credentials mapWSToCorba(WSCredential wSCredential) {
        throw new NO_IMPLEMENT();
    }
}
