package com.ibm.ISecurityLocalObjectBaseL13Impl;

import com.ibm.CORBA.channel.giop.GIOPConnectionContext;
import com.ibm.CORBA.channel.giop.GIOPMessageContext;
import com.ibm.CORBA.iiop.ExtendedClientRequestInfo;
import com.ibm.CORBA.iiop.IOR;
import com.ibm.CORBA.iiop.ORB;
import com.ibm.CORBA.iiop.ServiceContextList;
import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityL13SupportImpl.SecurityMessages;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2TaggedComponent;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.ClientSessionKey;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSFactory;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.OID;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SecurityExecutionEnvironment;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionEntry;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.SessionManager;
import com.ibm.ISecurityUtilityImpl.CSIUtil;
import com.ibm.ISecurityUtilityImpl.ConfigURLProperties;
import com.ibm.ISecurityUtilityImpl.MechanismAmbiguityException;
import com.ibm.ISecurityUtilityImpl.MechanismFactory;
import com.ibm.ISecurityUtilityImpl.ObjectList;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ISecurityUtilityImpl.SecConstants;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ISecurityUtilityImpl.SecurityMinorCodes;
import com.ibm.ISecurityUtilityImpl.StringBytesConversion;
import com.ibm.ISecurityUtilityImpl.VaultConstants;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.audit.AuditHandler;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.connmgmt.ConnectionHandle;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.runtime.service.EndPointMgr;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.util.AccessController;
import com.ibm.wsspi.iiop.channel.ConnectionStateElement;
import com.ibm.wsspi.security.audit.AuditService;
import com.ibm.wsspi.security.audit.J2EEAuditEventFactory;
import com.ibm.wsspi.security.auth.WSSubjectWrapper;
import com.ibm.wsspi.security.csiv2.CSIv2PerformPolicy;
import com.ibm.wsspi.security.token.TokenHolder;
import com.ibm.wsspi.security.token.WSOpaqueTokenHelper;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509CertSelector;
import java.util.Hashtable;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialExpiredException;
import org.omg.CORBA.Any;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.INTERNAL;
import org.omg.CORBA.IntHolder;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.Object;
import org.omg.CORBA.StringHolder;
import org.omg.CSI.EstablishContext;
import org.omg.CSI.GSS_NT_ExportedNameHelper;
import org.omg.CSI.IdentityToken;
import org.omg.CSI.KRB5MechOID;
import org.omg.CSI.MessageInContext;
import org.omg.CSI.SASContextBody;
import org.omg.CSI.X501DistinguishedNameHelper;
import org.omg.GSSUP.GSSUPMechOID;
import org.omg.IOP.Codec;
import org.omg.IOP.ServiceContext;
import org.omg.PortableInterceptor.ClientRequestInfo;
import org.omg.PortableInterceptor.ClientRequestInterceptor;
import org.omg.PortableInterceptor.ForwardRequest;
import org.omg.PortableInterceptor.ORBInitInfo;
import org.omg.Security.OpaqueHolder;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ISecurityLocalObjectBaseL13Impl/CSIClientRIBase.class */
public class CSIClientRIBase extends CSIORBInit implements ClientRequestInterceptor {
    private static final TraceComponent tc;
    private static final String ADMIN_CLASS = "adminsec.txt";
    private static ObjectList list;
    protected static AuditHandler auditHandler;
    protected static J2EEAuditEventFactory auditFactory;
    protected static AuditService auditService;
    public int slotid;
    static Class class$com$ibm$ISecurityLocalObjectBaseL13Impl$CSIClientRIBase;
    static Class class$com$ibm$wsspi$security$auth$WSSubjectWrapper;
    protected ORB orb = null;
    protected Codec codec = null;
    protected VaultImpl myVault = null;
    protected SecurityConnectionInterceptor _securityConnectionInterceptor = null;
    protected SecurityConfiguration secConfig = null;
    protected MechanismFactory _mechanismFactory = null;
    protected int csiClientCertPort = 0;
    protected IntHolder expiry_time_now = new IntHolder(0);
    protected CSIUtil csiUtil = new CSIUtil();
    protected SessionManager sessionMgr = null;
    protected CSICredentialsManager credsMgr = new CSICredentialsManager();
    ContextManager contextMgr = null;
    protected Hashtable sessionRequestTable = new Hashtable();

    public void init(ORB orb) {
        if (ConfigURLProperties.isSecurityEnabled()) {
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugEntry("CSIClientRIBase.init");
            }
            this.contextMgr = ContextManagerFactory.getInstance();
            this.myVault = VaultImpl.getInstance();
            if (this.myVault != null) {
                this.sessionMgr = this.myVault.getSessionManager();
                this.orb = this.myVault.getORB();
                this._mechanismFactory = this.myVault.getMechanismFactory();
                VaultImpl vaultImpl = this.myVault;
                this.secConfig = VaultImpl.getSecurityConfiguration();
            } else {
                SecurityLogger.logError("security.JSAS0010E", new Object[]{"CSIClientRIBase.init"});
            }
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRIBase.init");
            }
        }
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIORBInit
    public void pre_init(ORBInitInfo oRBInitInfo) {
    }

    @Override // com.ibm.ISecurityLocalObjectBaseL13Impl.CSIORBInit
    public void post_init(ORBInitInfo oRBInitInfo) {
        if (ConfigURLProperties.isSecurityEnabled()) {
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugEntry("CSIClientRIBase.post_init");
            }
            this.contextMgr = ContextManagerFactory.getInstance();
            this.myVault = VaultImpl.getInstance();
            if (this.myVault != null) {
                this.sessionMgr = this.myVault.getSessionManager();
                this.orb = this.myVault.getORB();
                this._mechanismFactory = this.myVault.getMechanismFactory();
                VaultImpl vaultImpl = this.myVault;
                this.secConfig = VaultImpl.getSecurityConfiguration();
            } else {
                SecurityLogger.logError("security.JSAS0010E", new Object[]{"CSIClientRIBase.post_init"});
            }
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRIBase.post_init");
            }
        }
    }

    public void destroy() {
    }

    public void send_request(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
    }

    public void send_poll(ClientRequestInfo clientRequestInfo) {
    }

    public void receive_reply(ClientRequestInfo clientRequestInfo) {
    }

    public void receive_exception(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
    }

    public void receive_other(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean qualifyClientRequest(ClientRequestInfo clientRequestInfo, CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy) throws ForwardRequest {
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIClientRIBase.qualifyClientRequest");
        }
        CurrentImpl current = this.csiUtil.getCurrent();
        String name = clientRequestInfo.effective_target() != null ? clientRequestInfo.effective_target().getClass().getName() : "<unknown>";
        if (is_local_client_request(clientRequestInfo)) {
            send_request_local(clientRequestInfo);
            if (!SecurityLogger.debugEntryEnabled) {
                return false;
            }
            SecurityLogger.debugExit("CSIClientRIBase.qualifyClientRequest");
            return false;
        }
        if (cSIv2EffectivePerformPolicy == null) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRIBase.qualifyClientRequest", "Effective policy object is null, not a CSIv2 request.");
            }
            if (!SecurityLogger.debugEntryEnabled) {
                return false;
            }
            SecurityLogger.debugExit("CSIClientRIBase.qualifyClientRequest");
            return false;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRIBase.qualifyClientRequest", new StringBuffer().append("Effective policy object instance is: ").append(cSIv2EffectivePerformPolicy).toString());
        }
        boolean serverSecurityEnabled = current.getServerSecurityEnabled();
        if (!serverSecurityEnabled) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRIBase.qualifyClientRequest", new StringBuffer().append("CSIClientRI: appSecEnabledState = ").append(serverSecurityEnabled).toString());
            }
            if (list == null) {
                list = new ObjectList(ADMIN_CLASS);
            }
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRIBase.qualifyClientRequest", new StringBuffer().append("class_name: ").append(name).append(" method_name: ").append(clientRequestInfo.operation()).append(" effective_target: ").append(clientRequestInfo.effective_target()).toString());
            }
            if (SecurityConnectionInterceptor.isSpecialClass(clientRequestInfo.operation(), name) && (!this.contextMgr.processIsServer() || !list.find(name))) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRIBase.qualifyClientRequest", "Special naming method or other corba special method. Return from interceptor.");
                }
                if (!SecurityLogger.debugEntryEnabled) {
                    return false;
                }
                SecurityLogger.debugExit("CSIClientRIBase.qualifyClientRequest");
                return false;
            }
        }
        if (cSIv2EffectivePerformPolicy.getIsInternalRequestPolicy() || !(SecurityConnectionInterceptor.isSpecialNamingMethod(clientRequestInfo.operation(), name) || SecurityConnectionInterceptor.isSpecialSSLRequiredNamingMethod(clientRequestInfo.operation(), name) || (cSIv2EffectivePerformPolicy.getTargetTCPPort() != 0 && !cSIv2EffectivePerformPolicy.claimClientAuthenticationRequired() && ORB.isSpecialMethod(clientRequestInfo.operation()) && !this.csiUtil.isCORBAAuthRequired()))) {
            if (!SecurityLogger.debugEntryEnabled) {
                return true;
            }
            SecurityLogger.debugExit("CSIClientRIBase.qualifyClientRequest");
            return true;
        }
        SecurityLogger.debugMessage("CSIClientRIBase.qualifyClientRequest", "Special naming method or other corba special method. Return from interceptor.");
        if (!SecurityLogger.debugEntryEnabled) {
            return false;
        }
        SecurityLogger.debugExit("CSIClientRIBase.qualifyClientRequest");
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Subject retrieveSubject(String str, CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy, CSICredentialsManager cSICredentialsManager) {
        String str2 = "";
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIClientRIBase.retrieveSubject");
        }
        String targetHostName = cSIv2EffectivePerformPolicy.getTargetHostName();
        CurrentImpl current = this.csiUtil.getCurrent();
        if (SecurityLogger.debugTraceEnabled) {
            str2 = new StringBuffer().append("Target Realm Name: ").append(str).append(", Target Host: ").append(targetHostName).toString();
            SecurityLogger.debugMessage("CSIClientRIBase.retrieveSubject", str2);
        }
        Subject subject = null;
        if (cSIv2EffectivePerformPolicy.performIdentityAssertion()) {
            subject = (Subject) AccessController.doPrivileged(new PrivilegedAction(this, cSICredentialsManager) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.1
                private final CSICredentialsManager val$credsMgr;
                private final CSIClientRIBase this$0;

                {
                    this.this$0 = this;
                    this.val$credsMgr = cSICredentialsManager;
                }

                @Override // java.security.PrivilegedAction
                public Object run() {
                    return this.val$credsMgr.getInvocationSubject();
                }
            });
        } else if (str != null && !str.equals("") && cSIv2EffectivePerformPolicy.getTargetHostName() != null && !cSIv2EffectivePerformPolicy.getTargetHostName().equals("")) {
            boolean validateBasicAuth = this.secConfig.validateBasicAuth();
            try {
                try {
                    if (cSIv2EffectivePerformPolicy.claimClientAuthenticationRequired()) {
                        this.secConfig.setValidateBasicAuth(false);
                    }
                    subject = (Subject) AccessController.doPrivileged(new PrivilegedExceptionAction(this, cSICredentialsManager, str, cSIv2EffectivePerformPolicy) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.2
                        private final CSICredentialsManager val$credsMgr;
                        private final String val$targetRealmName;
                        private final CSIv2EffectivePerformPolicy val$csiv2EffectivePolicy;
                        private final CSIClientRIBase this$0;

                        {
                            this.this$0 = this;
                            this.val$credsMgr = cSICredentialsManager;
                            this.val$targetRealmName = str;
                            this.val$csiv2EffectivePolicy = cSIv2EffectivePerformPolicy;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            return this.val$credsMgr.getClientSubject(this.val$targetRealmName, this.val$csiv2EffectivePolicy.getTargetHostName());
                        }
                    });
                    if (cSIv2EffectivePerformPolicy.claimClientAuthenticationRequired()) {
                        this.secConfig.setValidateBasicAuth(validateBasicAuth);
                    }
                } catch (PrivilegedActionException e) {
                    FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.send_request", "431", this);
                    Exception exception = e.getException();
                    SecurityLogger.logException("CSIClientRIBase.retrieveSubject", exception, 0, 0);
                    throw new NO_PERMISSION(exception.getMessage(), 1229079296, CompletionStatus.COMPLETED_NO);
                }
            } catch (Throwable th) {
                if (cSIv2EffectivePerformPolicy.claimClientAuthenticationRequired()) {
                    this.secConfig.setValidateBasicAuth(validateBasicAuth);
                }
                throw th;
            }
        }
        if (subject == null) {
            if (SecurityLogger.traceEnabled) {
                str2 = SecurityMessages.getMsgOrUseDefault("JSAS0020W", "JSAS0020W: Unable to get credentials.");
                SecurityLogger.traceMessage("CSIClientRIBase.retrieveSubject", str2);
            }
            if (this.secConfig.getCSIv2PerformClientAuthenticationRequired() || cSIv2EffectivePerformPolicy.claimClientAuthenticationRequired()) {
                if (SecurityLogger.traceEnabled) {
                    str2 = "ERROR: No credential found, client auth required by client or server, throwing NO_PERMISSION.";
                    SecurityLogger.traceMessage("CSIClientRIBase.retrieveSubject", str2);
                }
                throw new NO_PERMISSION(str2, SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
            }
            if (!SecurityLogger.traceEnabled) {
                return null;
            }
            SecurityLogger.traceMessage("CSIClientRIBase.retrieveSubject", "WARNING: No credential found, client auth not required, sending out unauthenticated.");
            return null;
        }
        if (!SubjectHelper.getWSCredentialFromSubject(subject).isUnauthenticated()) {
            try {
                if (!this.secConfig.processIsServer() || ContextManagerFactory.getInstance().getWSCredTokenMapper().checkValidityOfAllTokensAndRefresh(subject)) {
                    if (SecurityLogger.debugEntryEnabled) {
                        SecurityLogger.debugExit("CSIClientRIBase.retrieveSubject");
                    }
                    return subject;
                }
                if (SecurityLogger.traceEnabled) {
                    SecurityLogger.traceMessage("CSIClientRIBase.retrieveSubject", SecurityMessages.getMsgOrUseDefault("JSAS0030W", "JSAS0030W: Credentials are invalid. Trying unauthenticated login."));
                }
                throw new NO_PERMISSION("Credentials have expired.", SecurityMinorCodes.CREDENTIAL_TOKEN_EXPIRED, CompletionStatus.COMPLETED_NO);
            } catch (Exception e2) {
                FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.send_request", "515", this);
                SecurityLogger.debugMessage("CSIClientRIBase.retrieveSubject", "Java runtime exception.");
                SecurityLogger.logException("CSIClientRIBase.retrieveSubject", e2, 0, 0);
                throw new INTERNAL(new StringBuffer().append("Java runtime exception.  Exception = ").append(e2).toString(), SecurityMinorCodes.JAVA_EXCEPTION, CompletionStatus.COMPLETED_NO);
            }
        }
        if (SecurityLogger.debugTraceEnabled) {
            str2 = "Encountered unauthenticated credential.";
            SecurityLogger.debugMessage("CSIClientRIBase.retrieveSubject", str2);
        }
        if (!current.getAllowUnauthCredForAuthenticate() && !cSIv2EffectivePerformPolicy.performIdentityAssertion() && (this.secConfig.getCSIv2PerformClientAuthenticationRequired() || cSIv2EffectivePerformPolicy.claimClientAuthenticationRequired())) {
            if (SecurityLogger.traceEnabled) {
                str2 = "ERROR: Unauthenticated credential found, client auth required by client or server, throwing NO_PERMISSION.";
                SecurityLogger.traceMessage("CSIClientRIBase.retrieveSubject", str2);
            }
            throw new NO_PERMISSION(str2, SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
        }
        if (SecurityLogger.traceEnabled) {
            SecurityLogger.traceMessage("CSIClientRIBase.retrieveSubject", "Unauthenticated credential found, client auth not required, sending out unauthenticated.");
        }
        if (this.secConfig.processIsServer()) {
            return subject;
        }
        return null;
    }

    protected ClientSessionKey getClientSessionKey(String str, Subject subject, String str2, String str3, int i) {
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIClientRIBase.getClientSessionKey");
        }
        String str4 = "";
        try {
            if (str3 != null) {
                str4 = new StringBuffer().append(str3).append(":").append(i).toString();
                if (SecurityLogger.traceEnabled) {
                    SecurityLogger.traceMessage("CSIClientRIBase.getClientSessionKey", new StringBuffer().append("localHostPort for client session key: ").append(str4).toString());
                }
            } else if (SecurityLogger.traceEnabled) {
                SecurityLogger.traceMessage("CSIClientRIBase.getClientSessionKey", "Connection data is null, this may cause a problem with multi-thread stateful clients.");
            }
            WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject);
            String str5 = null;
            if (this.secConfig.processIsServer()) {
                str5 = ContextManagerFactory.getInstance().getClientUniqueIDForOutboundRequests(subject);
            }
            if (str5 == null) {
                str5 = wSCredentialFromSubject.getRealmUniqueSecurityName();
            }
            ClientSessionKey clientSessionKey = new ClientSessionKey(str5, Integer.toString(wSCredentialFromSubject.hashCode()), new Long(wSCredentialFromSubject.getExpiration()).toString(), str, str2, str4);
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRIBase.getClientSessionKey");
            }
            return clientSessionKey;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.send_request", "634", this);
            if (SecurityLogger.traceEnabled) {
                SecurityLogger.traceMessage("CSIClientRIBase.getClientSessionKey", SecurityMessages.getMsgOrUseDefault("JSAS0030W", "JSAS0030W: Credentials are invalid. Trying unauthenticated login."));
            }
            SecurityLogger.logException("CSIClientRIBase.getClientSessionKey", e, 0, 0);
            throw new NO_PERMISSION(new StringBuffer().append("Credentials have expired.  Exception = ").append(e).toString(), SecurityMinorCodes.CREDENTIAL_TOKEN_EXPIRED, CompletionStatus.COMPLETED_NO);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SessionEntry determineStatefulContextID(String str, CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy, SessionManager sessionManager, ClientRequestInfo clientRequestInfo, Subject subject, String str2, String str3, int i) {
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIClientRIBase.determineStatefulContextID");
        }
        this.csiUtil.getCurrent();
        ClientSessionKey clientSessionKey = getClientSessionKey(str, subject, str2, str3, i);
        cSIv2EffectivePerformPolicy.setClientSessionKey(clientSessionKey);
        SessionEntry csi_client_session_lookup = sessionManager.csi_client_session_lookup(clientSessionKey);
        if (csi_client_session_lookup == null) {
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRIBase.determineStatefulContextID");
            }
            csi_client_session_lookup.set_client_context_id(0L);
            return csi_client_session_lookup;
        }
        csi_client_session_lookup.get_client_context_id();
        switch (csi_client_session_lookup.get_session_state()) {
            case 1:
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextID", "Session state:  SESSION_IN_COMPLETE_STATE.  Proceeding with MessageInContext.");
                }
                MessageInContext messageInContext = new MessageInContext(csi_client_session_lookup.get_client_context_id(), false);
                this.csiUtil.print_mic_message(messageInContext, "CSIClientRIBase.determineStatefulContextID");
                ServiceContext serviceContext = null;
                if (messageInContext != null) {
                    serviceContext = this.csiUtil.create_sc_from_mic_message(messageInContext);
                }
                if (serviceContext == null) {
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextID", "Service context not available.  Going out in stateless mode.");
                    }
                    if (SecurityLogger.debugEntryEnabled) {
                        SecurityLogger.debugExit("CSIClientRIBase.determineStatefulContextID");
                    }
                    csi_client_session_lookup.set_renegotiate_to_stateless();
                    return csi_client_session_lookup;
                }
                clientRequestInfo.add_request_service_context(serviceContext, true);
                cSIv2EffectivePerformPolicy.setStatefulContextID(csi_client_session_lookup.get_client_context_id());
                cSIv2EffectivePerformPolicy.setClientSessionKey(clientSessionKey);
                this.csiUtil.getVault().put_effective_policy(clientRequestInfo.request_id(), cSIv2EffectivePerformPolicy);
                this.csiUtil.setUnauthenticatedToNullIfNeeded();
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextID", "*** SENDING REQUEST ***");
                }
                if (!SecurityLogger.debugEntryEnabled) {
                    return null;
                }
                SecurityLogger.debugExit("CSIClientRIBase.determineStatefulContextID");
                return null;
            case 2:
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextID", "Session state:  SESSION_IN_INCOMPLETE_STATE.  Proceeding to authenticate in stateless mode.");
                }
                if (SecurityLogger.debugEntryEnabled) {
                    SecurityLogger.debugExit("CSIClientRIBase.determineStatefulContextID");
                }
                csi_client_session_lookup.set_renegotiate_to_stateless();
                return csi_client_session_lookup;
            case 3:
            case 5:
            default:
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextID", "Session state:  INVALID STATE.  Proceeding to authenticate in stateless mode.");
                }
                csi_client_session_lookup.set_session_state(7);
                if (SecurityLogger.debugEntryEnabled) {
                    SecurityLogger.debugExit("CSIClientRIBase.determineStatefulContextID");
                }
                csi_client_session_lookup.set_renegotiate_to_stateless();
                return csi_client_session_lookup;
            case 4:
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextID", "Session state:  SESSION_NEW.  Proceeding to authenticate in stateful mode.");
                }
                csi_client_session_lookup.set_session_state(2);
                return csi_client_session_lookup;
            case 6:
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextID", "Session state:  SESSION_AUTHENTICATING.  Proceeding to EstablishContext in stateful mode.");
                }
                EstablishContext establishContext = csi_client_session_lookup.get_ec_message();
                if (establishContext != null) {
                    this.csiUtil.print_ec_message(establishContext, "CSIClientRIBase.determineStatefulContextID");
                }
                ServiceContext serviceContext2 = null;
                if (establishContext != null) {
                    serviceContext2 = this.csiUtil.create_sc_from_ec_message(establishContext);
                }
                if (serviceContext2 == null) {
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextID", "Service context not available in existing session.  Going out in stateless mode.");
                    }
                    if (SecurityLogger.debugEntryEnabled) {
                        SecurityLogger.debugExit("CSIClientRIBase.determineStatefulContextID");
                    }
                    csi_client_session_lookup.set_renegotiate_to_stateless();
                    return csi_client_session_lookup;
                }
                clientRequestInfo.add_request_service_context(serviceContext2, true);
                cSIv2EffectivePerformPolicy.setStatefulContextID(csi_client_session_lookup.get_client_context_id());
                cSIv2EffectivePerformPolicy.setClientSessionKey(clientSessionKey);
                this.csiUtil.getVault().put_effective_policy(clientRequestInfo.request_id(), cSIv2EffectivePerformPolicy);
                this.csiUtil.setUnauthenticatedToNullIfNeeded();
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextID", "*** SENDING REQUEST ***");
                }
                if (!SecurityLogger.debugEntryEnabled) {
                    return null;
                }
                SecurityLogger.debugExit("CSIClientRIBase.determineStatefulContextID");
                return null;
        }
    }

    protected SessionEntry determineStatefulContextIDForCFW(ClientSessionKey clientSessionKey, CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy, GIOPConnectionContext gIOPConnectionContext, GIOPMessageContext gIOPMessageContext) throws ForwardRequest {
        SessionEntry sessionEntry;
        String str = "";
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIClientRIBase.determineStatefulContextIDForCFW");
        }
        if (this.sessionMgr == null) {
            this.sessionMgr = VaultImpl.getInstance().getSessionManager();
        }
        if (cSIv2EffectivePerformPolicy.isStateful()) {
            if (SecurityLogger.debugTraceEnabled) {
                str = "Creating a stateful session.";
                SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextIDForCFW", str);
            }
            sessionEntry = this.sessionMgr.csi_client_session_lookup(clientSessionKey);
        } else {
            if (SecurityLogger.debugTraceEnabled) {
                str = "Creating a stateless session.";
                SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextIDForCFW", str);
            }
            sessionEntry = new SessionEntry(0L);
        }
        if (sessionEntry == null) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextIDForCFW", "No session available, throw exception.");
            }
            throw new NO_PERMISSION("Cannot generate a client session");
        }
        sessionEntry.set_effective_policy(cSIv2EffectivePerformPolicy);
        sessionEntry.get_client_context_id();
        int i = sessionEntry.get_session_state();
        sessionEntry.set_client_session_key(clientSessionKey);
        switch (i) {
            case 1:
                if (SecurityLogger.debugTraceEnabled) {
                    str = "Session state:  SESSION_IN_COMPLETE_STATE.  Proceeding with MessageInContext.";
                    SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextIDForCFW", str);
                }
                MessageInContext messageInContext = new MessageInContext(sessionEntry.get_client_context_id(), false);
                this.csiUtil.print_mic_message(messageInContext, "CSIClientRIBase.determineStatefulContextIDForCFW");
                ServiceContext serviceContext = null;
                if (messageInContext != null) {
                    serviceContext = this.csiUtil.create_sc_from_mic_message(messageInContext);
                }
                if (serviceContext != null) {
                    com.ibm.rmi.ServiceContext serviceContext2 = new com.ibm.rmi.ServiceContext(serviceContext.context_id, serviceContext.context_data);
                    try {
                        ServiceContextList serviceContexts = gIOPMessageContext.getServiceContexts();
                        if (serviceContexts != null) {
                            serviceContexts.add(serviceContext2, true);
                            gIOPMessageContext.setServiceContexts(serviceContexts);
                        }
                    } catch (UnsupportedOperationException e) {
                    }
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextIDForCFW", "*** SENDING REQUEST ***");
                    }
                    if (SecurityLogger.debugEntryEnabled) {
                        SecurityLogger.debugExit("CSIClientRIBase.determineStatefulContextIDForCFW");
                    }
                    return sessionEntry;
                }
                if (SecurityLogger.debugTraceEnabled) {
                    str = "Service context not available.  Going out in stateless mode.";
                    SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextIDForCFW", str);
                }
                if (SecurityLogger.debugEntryEnabled) {
                    SecurityLogger.debugExit("CSIClientRIBase.determineStatefulContextIDForCFW");
                }
                SessionEntry sessionEntry2 = new SessionEntry(0L);
                sessionEntry2.set_renegotiate_to_stateless();
                sessionEntry2.set_client_session_key(clientSessionKey);
                sessionEntry2.set_effective_policy(cSIv2EffectivePerformPolicy);
                try {
                    com.ibm.rmi.ServiceContext serviceContext3 = new com.ibm.rmi.ServiceContext(SecurityMinorCodes.CSIV2_ZOS_PRIVATE_CTX_ID, sessionEntry2.getBytes());
                    try {
                        ServiceContextList serviceContexts2 = gIOPMessageContext.getServiceContexts();
                        if (serviceContexts2 != null) {
                            serviceContexts2.add(serviceContext3, true);
                            gIOPMessageContext.setServiceContexts(serviceContexts2);
                        }
                    } catch (UnsupportedOperationException e2) {
                    }
                    Object currentObjectFromGIOPMessageContext = getCurrentObjectFromGIOPMessageContext(gIOPMessageContext);
                    if (SecurityLogger.debugEntryEnabled) {
                        SecurityLogger.debugExit("CSIClientRIBase.determineStatefulContextIDForCFW");
                    }
                    throw new ForwardRequest(currentObjectFromGIOPMessageContext);
                } catch (Exception e3) {
                    if (SecurityLogger.debugTraceEnabled) {
                        str = "Could not get session bytes to create private service context.";
                        SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextIDForCFW", str);
                        SecurityLogger.logException("CSIClientRIBase.determineStatefulContextIDForCFW", e3, 0, 0);
                    }
                    throw new NO_PERMISSION(str);
                }
            case 2:
            case 3:
            case 5:
            default:
                if (SecurityLogger.debugTraceEnabled) {
                    str = "Session state:  SESSION_IN_INCOMPLETE_STATE, SESSION_AUTHENTICATING, or state unknown -> proceeding to authenticate in stateless mode.";
                    SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextIDForCFW", str);
                }
                SessionEntry sessionEntry3 = new SessionEntry(0L);
                sessionEntry3.set_renegotiate_to_stateless();
                sessionEntry3.set_effective_policy(cSIv2EffectivePerformPolicy);
                sessionEntry3.set_client_session_key(clientSessionKey);
                sessionEntry3.set_session_state(2);
                try {
                    com.ibm.rmi.ServiceContext serviceContext4 = new com.ibm.rmi.ServiceContext(SecurityMinorCodes.CSIV2_ZOS_PRIVATE_CTX_ID, sessionEntry3.getBytes());
                    try {
                        ServiceContextList serviceContexts3 = gIOPMessageContext.getServiceContexts();
                        if (serviceContexts3 != null) {
                            serviceContexts3.add(serviceContext4, true);
                            gIOPMessageContext.setServiceContexts(serviceContexts3);
                        }
                    } catch (UnsupportedOperationException e4) {
                    }
                    Object currentObjectFromGIOPMessageContext2 = getCurrentObjectFromGIOPMessageContext(gIOPMessageContext);
                    if (SecurityLogger.debugEntryEnabled) {
                        SecurityLogger.debugExit("CSIClientRIBase.determineStatefulContextIDForCFW");
                    }
                    throw new ForwardRequest(currentObjectFromGIOPMessageContext2);
                } catch (Exception e5) {
                    if (SecurityLogger.debugTraceEnabled) {
                        str = "Could not get session bytes to create private service context.";
                        SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextIDForCFW", str);
                        SecurityLogger.logException("CSIClientRIBase.determineStatefulContextIDForCFW", e5, 0, 0);
                    }
                    throw new NO_PERMISSION(str);
                }
            case 4:
                if (SecurityLogger.debugTraceEnabled) {
                    str = "Session state:  SESSION_NEW.  Proceeding to authenticate in stateful mode.";
                    SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextIDForCFW", str);
                }
                sessionEntry.set_session_state(2);
                try {
                    com.ibm.rmi.ServiceContext serviceContext5 = new com.ibm.rmi.ServiceContext(SecurityMinorCodes.CSIV2_ZOS_PRIVATE_CTX_ID, sessionEntry.getBytes());
                    try {
                        ServiceContextList serviceContexts4 = gIOPMessageContext.getServiceContexts();
                        if (serviceContexts4 != null) {
                            serviceContexts4.add(serviceContext5, true);
                            gIOPMessageContext.setServiceContexts(serviceContexts4);
                        }
                    } catch (UnsupportedOperationException e6) {
                    }
                    Object currentObjectFromGIOPMessageContext3 = getCurrentObjectFromGIOPMessageContext(gIOPMessageContext);
                    if (SecurityLogger.debugEntryEnabled) {
                        SecurityLogger.debugExit("CSIClientRIBase.determineStatefulContextIDForCFW");
                    }
                    throw new ForwardRequest(currentObjectFromGIOPMessageContext3);
                } catch (Exception e7) {
                    if (SecurityLogger.debugTraceEnabled) {
                        str = "Could not get session bytes to create private service context.";
                        SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextIDForCFW", str);
                    }
                    SecurityLogger.logException("CSIClientRIBase.determineStatefulContextIDForCFW", e7, 0, 0);
                    throw new NO_PERMISSION(str);
                }
            case 6:
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRIBase.determineStatefulContextIDForCFW", "Session state:  SESSION_AUTHENTICATING.  Proceeding to EstablishContext in stateful mode.");
                }
                EstablishContext establishContext = sessionEntry.get_ec_message();
                if (establishContext != null) {
                    this.csiUtil.print_ec_message(establishContext, "CSIClientRIBase.determineStatefulContextIDForCFW");
                }
                ServiceContext serviceContext6 = null;
                if (establishContext != null) {
                    serviceContext6 = this.csiUtil.create_sc_from_ec_message(establishContext);
                }
                if (serviceContext6 != null) {
                    com.ibm.rmi.ServiceContext serviceContext7 = new com.ibm.rmi.ServiceContext(serviceContext6.context_id, serviceContext6.context_data);
                    try {
                        ServiceContextList serviceContexts5 = gIOPMessageContext.getServiceContexts();
                        if (serviceContexts5 != null) {
                            serviceContexts5.add(serviceContext7, true);
                            gIOPMessageContext.setServiceContexts(serviceContexts5);
                        }
                    } catch (UnsupportedOperationException e8) {
                    }
                }
                if (SecurityLogger.debugEntryEnabled) {
                    SecurityLogger.debugExit("CSIClientRIBase.determineStatefulContextIDForCFW");
                }
                return sessionEntry;
        }
    }

    public void doFilterSendRequest(GIOPConnectionContext gIOPConnectionContext, GIOPMessageContext gIOPMessageContext, ConnectionStateElement connectionStateElement) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doFilterSendRequest");
        }
        int requestId = gIOPMessageContext.getRequestId();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("Request ID: ").append(Integer.toString(requestId)).toString());
        }
        com.ibm.CORBA.iiop.ServiceContext serviceContext = null;
        com.ibm.CORBA.iiop.ServiceContext serviceContext2 = null;
        try {
            serviceContext2 = gIOPMessageContext.getServiceContexts().get(SecurityMinorCodes.CSIV2_ZOS_PRIVATE_CTX_ID);
        } catch (UnsupportedOperationException e) {
        }
        try {
            serviceContext = gIOPMessageContext.getServiceContexts().get(SecurityMinorCodes.CSIV2_SEED_CTX_ID);
        } catch (UnsupportedOperationException e2) {
        }
        if (serviceContext2 != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found session context on filter second pass.  Updating session.");
            }
            SessionEntry sessionEntry = new SessionEntry(serviceContext2.getContextData());
            if (sessionEntry != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Adding session to table using request ID: ").append(requestId).toString());
                }
                this.sessionRequestTable.put(Integer.toString(requestId), sessionEntry);
            }
            updateSessionFromSR(sessionEntry, gIOPConnectionContext, gIOPMessageContext);
        } else if (serviceContext != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found seed context on filter first pass.  Creating session.");
            }
            SecurityExecutionEnvironment createFromBytes = SecurityExecutionEnvironment.createFromBytes(serviceContext.getContextData());
            if (createFromBytes == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Could not recreate seed.  Throwing NO_PERMISSION.");
                }
                throw new INTERNAL("Error deserializing security execution environment.");
            }
            CSIv2EffectivePerformPolicy effectivePolicyFromIOR = getEffectivePolicyFromIOR(gIOPMessageContext);
            if (effectivePolicyFromIOR != null) {
                String localHost = gIOPConnectionContext.getLocalHost();
                int localPort = gIOPConnectionContext.getGIOPConnectionInfo().getLocalPort();
                String realm = RealmSecurityName.getRealm(effectivePolicyFromIOR.getTargetSecurityName());
                ConnectionHandle connectionHandle = connectionStateElement.getConnectionHandle();
                if (connectionHandle != null && connectionHandle.getIsLocalComm()) {
                    effectivePolicyFromIOR.setConnectionKey(connectionHandle.toString());
                    localHost = "";
                    localPort = 0;
                }
                SessionEntry determineStatefulContextIDForCFW = determineStatefulContextIDForCFW(new ClientSessionKey(createFromBytes.getClientUniqueId(), "", Long.toString(createFromBytes.getCredentialExpiration()), realm, effectivePolicyFromIOR.getConnectionKey(), new StringBuffer().append(localHost).append(":").append(localPort).toString()), effectivePolicyFromIOR, gIOPConnectionContext, gIOPMessageContext);
                if (determineStatefulContextIDForCFW != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Found a valid session, sending the request.");
                    }
                    this.sessionRequestTable.put(Integer.toString(requestId), determineStatefulContextIDForCFW);
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Could not get an effective policy from the IOR.  Treating as if NO CSIv2 tags present in IOR (unauthenticated).");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "This is an unauthenticated request, no session processing needed in filter.");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "*** SENDING REQUEST ***");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "doFilterSendRequest");
        }
    }

    CSIv2EffectivePerformPolicy getEffectivePolicyFromIOR(GIOPMessageContext gIOPMessageContext) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getEffectivePolicyFromIOR", gIOPMessageContext);
        }
        CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy = null;
        try {
            IOR currentIOR = gIOPMessageContext.getCurrentIOR();
            if (currentIOR == null) {
                currentIOR = gIOPMessageContext.getTargetIOR();
            }
            if (currentIOR == null) {
                currentIOR = gIOPMessageContext.getInitialIOR();
            }
            if (currentIOR != null) {
                cSIv2EffectivePerformPolicy = getEffectivePolicyFromIOR(currentIOR);
            }
        } catch (UnsupportedOperationException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to acquire IOR from GIOP message context", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getEffectivePolicyFromIOR", cSIv2EffectivePerformPolicy);
        }
        return cSIv2EffectivePerformPolicy;
    }

    CSIv2EffectivePerformPolicy getEffectivePolicyFromIOR(IOR ior) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getEffectivePolicyFromIOR", ior);
        }
        CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy = null;
        CSIv2TaggedComponent[] cSIv2TaggedComponentList = CSIv2TaggedComponent.getCSIv2TaggedComponentList(ior.getProfile(), ior);
        if (cSIv2TaggedComponentList != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found CSIv2 tagged component, getting policy from cache or building new one.");
            }
            cSIv2EffectivePerformPolicy = CSIv2EffectivePerformPolicy.getInstance(cSIv2TaggedComponentList);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getEffectivePolicyFromIOR", cSIv2EffectivePerformPolicy);
        }
        return cSIv2EffectivePerformPolicy;
    }

    public void doFilterReceiveReply(GIOPConnectionContext gIOPConnectionContext, GIOPMessageContext gIOPMessageContext, ConnectionStateElement connectionStateElement) throws Exception {
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIClientRIForSR.doFilterReceiveReply");
        }
        String num = Integer.toString(gIOPMessageContext.getRequestId());
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("Request ID: ").append(num).toString());
        }
        SessionEntry sessionEntry = (SessionEntry) this.sessionRequestTable.get(num);
        if (sessionEntry != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Session entry for reply: ").append(sessionEntry).toString());
            }
            this.sessionRequestTable.remove(num);
            long j = sessionEntry.get_client_context_id();
            boolean z = (sessionEntry.get_renegotiate_to_stateless() || j == 0) ? false : true;
            if (!z) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Session is stateless, returning without any updates.");
                }
                if (SecurityLogger.debugEntryEnabled) {
                    SecurityLogger.debugExit("CSIClientRIForSR.doFilterReceiveReply");
                    return;
                }
                return;
            }
            SASContextBody sASContextBody = null;
            com.ibm.CORBA.iiop.ServiceContext serviceContext = this.csiUtil.get_sc_from_reply(gIOPMessageContext);
            if (serviceContext != null) {
                sASContextBody = this.csiUtil.get_message_from_sc(serviceContext);
            }
            if (sASContextBody != null && sASContextBody.discriminator() == 1) {
                this.csiUtil.print_cec_message(sASContextBody.complete_msg(), "CSIClientRIForSR.doFilterReceiveReply");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Updating stateful session as MTCompleteEstablishContext for ID: ").append(j).toString());
                }
                this.sessionMgr.csi_client_session_complete(sASContextBody, z, j, sessionEntry.get_client_session_key());
            } else if (sASContextBody != null && sASContextBody.discriminator() == 4) {
                this.csiUtil.print_ce_message(sASContextBody.error_msg(), "CSIClientRIForSR.doFilterReceiveReply");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Updating stateful session as MTContextError for ID: ").append(j).toString());
                }
                this.sessionMgr.csi_client_session_complete_exception(sASContextBody, z, sessionEntry.get_client_session_key());
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unexpected message type.");
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Session is not found for request ID, returning without any updates.");
        }
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIClientRIForSR.doFilterReceiveReply");
        }
    }

    protected void updateSessionFromSR(SessionEntry sessionEntry, GIOPConnectionContext gIOPConnectionContext, GIOPMessageContext gIOPMessageContext) throws ForwardRequest {
        String str = "";
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIClientRIBase.updateSessionFromSR");
        }
        if (sessionEntry.get_client_context_id() == 0 || sessionEntry.get_renegotiate_to_stateless()) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRIBase.updateSessionFromSR", "Session is stateless, returning without any updates.");
                return;
            }
            return;
        }
        if (this.sessionMgr.csi_client_session_lookup(sessionEntry.get_client_session_key()) == null) {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRIBase.updateSessionFromSR", "Session passed in is null, could be unauthenticated request.");
            }
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugEntry("CSIClientRIBase.updateSessionFromSR");
                return;
            }
            return;
        }
        switch (sessionEntry.get_session_state()) {
            case 1:
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRIBase.updateSessionFromSR", "Session state:  SESSION_IN_COMPLETE_STATE.  Proceeding with MessageInContext.");
                }
                this.sessionMgr.update_client_session(sessionEntry.get_client_session_key(), sessionEntry);
                if (SecurityLogger.debugEntryEnabled) {
                    SecurityLogger.debugExit("CSIClientRIBase.updateSessionFromSR");
                    return;
                }
                return;
            case 2:
                if (SecurityLogger.debugTraceEnabled) {
                    str = "Invalid session state:  SESSION_IN_INCOMPLETE_STATE.";
                    SecurityLogger.debugMessage("CSIClientRIBase.updateSessionFromSR", str);
                }
                if (SecurityLogger.debugEntryEnabled) {
                    SecurityLogger.debugExit("CSIClientRIBase.updateSessionFromSR");
                }
                throw new NO_PERMISSION(str);
            case 3:
            case 5:
            default:
                if (SecurityLogger.debugTraceEnabled) {
                    str = "Session state:  INVALID STATE.  Proceeding to authenticate in stateless mode.";
                    SecurityLogger.debugMessage("CSIClientRIBase.updateSessionFromSR", str);
                }
                if (SecurityLogger.debugEntryEnabled) {
                    SecurityLogger.debugExit("CSIClientRIBase.updateSessionFromSR");
                }
                throw new NO_PERMISSION(str);
            case 4:
                if (SecurityLogger.debugTraceEnabled) {
                    str = "Invalid session state:  SESSION_NEW.";
                    SecurityLogger.debugMessage("CSIClientRIBase.updateSessionFromSR", str);
                }
                if (SecurityLogger.debugEntryEnabled) {
                    SecurityLogger.debugExit("CSIClientRIBase.updateSessionFromSR");
                }
                throw new NO_PERMISSION(str);
            case 6:
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRIBase.updateSessionFromSR", "Session state:  SESSION_AUTHENTICATING.  Proceeding to EstablishContext in stateful mode.");
                }
                this.sessionMgr.update_client_session(sessionEntry.get_client_session_key(), sessionEntry);
                if (SecurityLogger.debugEntryEnabled) {
                    SecurityLogger.debugExit("CSIClientRIBase.updateSessionFromSR");
                    return;
                }
                return;
        }
    }

    Object getCurrentObjectFromGIOPMessageContext(GIOPMessageContext gIOPMessageContext) {
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIClientRIBase.getCurrentObjectFromGIOPMessageContext");
        }
        Object IORToObject = this.orb.IORToObject(gIOPMessageContext.getCurrentIOR());
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIClientRIBase.getCurrentObjectFromGIOPMessageContext");
        }
        return IORToObject;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Subject mapOutboundOrCreateOAT(Subject subject, CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy) {
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIClientRIBase.mapOutboundOrCreateOAT");
        }
        try {
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRIBase.mapOutboundOrCreateOAT", new StringBuffer().append("Going into outbound login config.  Outbound login: ").append(this.secConfig.isRMIOutboundLoginEnabled()).append(", Authz Token: ").append(cSIv2EffectivePerformPolicy.performAuthorizationToken()).toString());
            }
            Subject subject2 = (this.secConfig.processIsServer() || this.secConfig.isRMIOutboundLoginEnabled()) ? (Subject) AccessController.doPrivileged(new PrivilegedExceptionAction(this, subject, this.secConfig, new CSIv2PerformPolicy(cSIv2EffectivePerformPolicy)) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.3
                private final Subject val$subjectPriv;
                private final SecurityConfiguration val$secConfigPriv;
                private final CSIv2PerformPolicy val$csiv2PerformPolicy;
                private final CSIClientRIBase this$0;

                {
                    this.this$0 = this;
                    this.val$subjectPriv = subject;
                    this.val$secConfigPriv = r6;
                    this.val$csiv2PerformPolicy = r7;
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws WSLoginFailedException {
                    return ContextManagerFactory.getInstance().login(this.val$secConfigPriv.getRMIOutboundLoginConfig(), this.val$csiv2PerformPolicy, SubjectHelper.createNewSubjectFromExisting(this.val$subjectPriv));
                }
            }) : (Subject) AccessController.doPrivileged(new PrivilegedExceptionAction(this, subject) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.4
                private final Subject val$subjectPriv;
                private final CSIClientRIBase this$0;

                {
                    this.this$0 = this;
                    this.val$subjectPriv = subject;
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws WSLoginFailedException {
                    Subject createNewSubjectFromExisting = SubjectHelper.createNewSubjectFromExisting(this.val$subjectPriv);
                    byte[] createOpaqueTokenFromSubject = WSOpaqueTokenHelper.getInstance().createOpaqueTokenFromSubject(this.val$subjectPriv);
                    if (createOpaqueTokenFromSubject != null) {
                        createNewSubjectFromExisting.getPrivateCredentials().add(new TokenHolder(createOpaqueTokenFromSubject, WSOpaqueTokenHelper.getInstance().getOpaqueTokenName(), WSOpaqueTokenHelper.getInstance().getOpaqueTokenVersion()));
                    }
                    return createNewSubjectFromExisting;
                }
            });
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRIBase.mapOutboundOrCreateOAT", (String) AccessController.doPrivileged(new PrivilegedAction(this, subject2) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.5
                    private final Subject val$newSubjectPriv;
                    private final CSIClientRIBase this$0;

                    {
                        this.this$0 = this;
                        this.val$newSubjectPriv = subject2;
                    }

                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        return new StringBuffer().append("Subject with opaque token: ").append(this.val$newSubjectPriv).toString();
                    }
                }));
            }
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRIBase.mapOutboundOrCreateOAT");
            }
            return subject2;
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.send_request", "1719", this);
            Exception exception = e.getException();
            SecurityLogger.logException("CSIClientRIBase.mapOutboundOrCreateOAT", exception, 0, 0);
            throw new NO_PERMISSION(new StringBuffer().append("Problem occurred in credential mapping or attribute propagation.  Exception = ").append(exception.toString()).toString(), 1229079296, CompletionStatus.COMPLETED_NO);
        } catch (Exception e2) {
            FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.send_request", "1727", this);
            SecurityLogger.debugMessage("CSIClientRIBase.mapOutboundOrCreateOAT", "Java runtime exception.");
            SecurityLogger.logException("CSIClientRIBase.mapOutboundOrCreateOAT", e2, 0, 0);
            throw new INTERNAL(new StringBuffer().append("Java runtime exception.  Exception = ").append(e2.toString()).toString(), SecurityMinorCodes.JAVA_EXCEPTION, CompletionStatus.COMPLETED_NO);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SecurityContextImpl determineSecurityContextType(Subject subject, CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy, String str, SessionManager sessionManager, SessionEntry sessionEntry) {
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIClientRIBase.determineSecurityContextType");
        }
        long statefulContextID = cSIv2EffectivePerformPolicy.getStatefulContextID();
        ClientSessionKey clientSessionKey = cSIv2EffectivePerformPolicy.getClientSessionKey();
        try {
            String str2 = null;
            String str3 = null;
            WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject);
            if (wSCredentialFromSubject != null) {
                try {
                    str3 = wSCredentialFromSubject.getOID();
                } catch (Exception e) {
                    FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.send_request", "1781", this);
                    if (SecurityLogger.traceEnabled) {
                        SecurityLogger.traceMessage("CSIClientRIBase.determineSecurityContextType", SecurityMessages.getMsgOrUseDefault("JSAS0030W", "JSAS0030W: Credentials are invalid. Trying unauthenticated login."));
                    }
                    SecurityLogger.logException("CSIClientRIBase.determineSecurityContextType", e, 0, 0);
                    throw new NO_PERMISSION(new StringBuffer().append("Credentials have expired.  Exception = ").append(e).toString(), SecurityMinorCodes.CREDENTIAL_TOKEN_EXPIRED, CompletionStatus.COMPLETED_NO);
                }
            }
            if (str3 == null) {
                str3 = cSIv2EffectivePerformPolicy.getPerformClientAuthMechOID();
            }
            if (OID.compareOIDs(str3, GSSUPMechOID.value)) {
                str2 = VaultConstants.GSSUP_MECH_TYPE;
            } else if (OID.compareOIDs(str3, this.secConfig.getWSSecurityContextCustomOID())) {
                str2 = VaultConstants.CUSTOM_MECH_TYPE;
            } else if (OID.compareOIDs(str3, "oid:1.3.18.0.2.30.2")) {
                str2 = VaultConstants.LTPA_MECH_TYPE;
            } else if (OID.compareOIDs(str3, KRB5MechOID.value)) {
                str2 = VaultConstants.KRB5_MECH_TYPE;
            } else {
                String[] performIDANamingMechList = cSIv2EffectivePerformPolicy.getPerformIDANamingMechList();
                if (performIDANamingMechList != null) {
                    for (int i = 0; i < performIDANamingMechList.length; i++) {
                        if (OID.compareOIDs(performIDANamingMechList[i], GSSUPMechOID.value)) {
                            str2 = VaultConstants.GSSUP_MECH_TYPE;
                        } else if (OID.compareOIDs(performIDANamingMechList[i], this.secConfig.getWSSecurityContextCustomOID())) {
                            str2 = VaultConstants.CUSTOM_MECH_TYPE;
                        } else if (OID.compareOIDs(performIDANamingMechList[i], KRB5MechOID.value)) {
                            str2 = VaultConstants.KRB5_MECH_TYPE;
                        } else if (OID.compareOIDs(performIDANamingMechList[i], "oid:1.3.18.0.2.30.2")) {
                            str2 = VaultConstants.LTPA_MECH_TYPE;
                        }
                    }
                }
                if (str2 == null) {
                    str2 = VaultConstants.GSSUP_MECH_TYPE;
                }
            }
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRIBase.determineSecurityContextType", new StringBuffer().append("Creating ").append(str2).append(" security context.").toString());
            }
            SecurityContextImpl securityContext = this._mechanismFactory.getSecurityContext(str2, str);
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit("CSIClientRIBase.determineSecurityContextType");
            }
            return securityContext;
        } catch (MechanismAmbiguityException e2) {
            FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.send_request", "1841", this);
            SecurityLogger.logError("security.JSAS0120E", new Object[]{"CSIClientRIBase.determineSecurityContextType", e2});
            if (cSIv2EffectivePerformPolicy.isStateful() && sessionEntry != null && statefulContextID != 0) {
                sessionManager.csi_client_session_status_update(statefulContextID, clientSessionKey, 7);
                sessionEntry.set_session_state(7);
            }
            throw new NO_PERMISSION(new StringBuffer().append("security.JSAS0120E").append("  Original exception = ").append(e2).toString(), SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setIdentityToken(IdentityToken identityToken, Subject subject, CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy, SessionManager sessionManager, SessionEntry sessionEntry) {
        String str = "";
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIClientRIBase.determineSecurityContextType");
        }
        long statefulContextID = cSIv2EffectivePerformPolicy.getStatefulContextID();
        ClientSessionKey clientSessionKey = cSIv2EffectivePerformPolicy.getClientSessionKey();
        boolean performIdentityAssertion = cSIv2EffectivePerformPolicy.performIdentityAssertion();
        WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject);
        if (!performIdentityAssertion) {
            identityToken.absent(true);
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRIBase.determineSecurityContextType", "Identity Assertion set to absent.");
            }
        } else if (performIdentityAssertion && (wSCredentialFromSubject == null || wSCredentialFromSubject.isUnauthenticated())) {
            if ((cSIv2EffectivePerformPolicy.getPerformIdentityTokenType() & 1) == 0) {
                SecurityLogger.logError("security.JSAS0489E", new Object[]{"CSIClientRIBase.determineSecurityContextType"});
                throw new NO_PERMISSION("security.JSAS0489E", SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
            }
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage("CSIClientRIBase.determineSecurityContextType", "Identity Assertion set to anonymous: ");
            }
            identityToken.anonymous(true);
        } else if (performIdentityAssertion) {
            try {
                PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction(this, wSCredentialFromSubject) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.6
                    private final WSCredential val$wsCred;
                    private final CSIClientRIBase this$0;

                    {
                        this.this$0 = this;
                        this.val$wsCred = wSCredentialFromSubject;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws WSLoginFailedException, CredentialDestroyedException, CredentialExpiredException {
                        return this.val$wsCred.get("wssecurity.identity_name");
                    }
                };
                PrivilegedExceptionAction privilegedExceptionAction2 = new PrivilegedExceptionAction(this, wSCredentialFromSubject) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.7
                    private final WSCredential val$wsCred;
                    private final CSIClientRIBase this$0;

                    {
                        this.this$0 = this;
                        this.val$wsCred = wSCredentialFromSubject;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws WSLoginFailedException, CredentialDestroyedException, CredentialExpiredException {
                        return this.val$wsCred.get("wssecurity.identity_value");
                    }
                };
                try {
                    String str2 = (String) AccessController.doPrivileged(privilegedExceptionAction);
                    byte[] bArr = (byte[]) AccessController.doPrivileged(privilegedExceptionAction2);
                    if (str2 == null) {
                        str2 = VaultConstants.ClientAuthToken;
                        bArr = StringBytesConversion.getConvertedBytes(wSCredentialFromSubject.getRealmSecurityName());
                    }
                    boolean z = false;
                    boolean z2 = false;
                    boolean z3 = false;
                    String[] performIDANamingMechList = cSIv2EffectivePerformPolicy.getPerformIDANamingMechList();
                    if (performIDANamingMechList == null) {
                        z2 = true;
                    } else {
                        for (int i = 0; i < performIDANamingMechList.length; i++) {
                            if (OID.compareOIDs(performIDANamingMechList[i], GSSUPMechOID.value)) {
                                z2 = true;
                            }
                            if (OID.compareOIDs(performIDANamingMechList[i], KRB5MechOID.value)) {
                                z = true;
                            }
                            if (OID.compareOIDs(performIDANamingMechList[i], "oid:1.3.18.0.2.30.2")) {
                                z3 = true;
                            }
                            if (SecurityLogger.debugTraceEnabled) {
                                str = new StringBuffer().append("Mechanism available from target: ").append(performIDANamingMechList[i]).toString();
                                SecurityLogger.debugMessage("CSIClientRIBase.determineSecurityContextType", str);
                            }
                        }
                    }
                    if (SecurityLogger.debugTraceEnabled) {
                        str = new StringBuffer().append("Identity Name in Credential: ").append(str2).toString();
                        SecurityLogger.debugMessage("CSIClientRIBase.determineSecurityContextType", str);
                    }
                    if (VaultConstants.ClientAuthToken.equals(str2) || VaultConstants.DeserializedSubjectIdentity.equals(str2)) {
                        new StringHolder();
                        new OpaqueHolder();
                        String convertedString = StringBytesConversion.getConvertedString(bArr);
                        String realm = RealmSecurityName.getRealm(convertedString);
                        String securityName = RealmSecurityName.getSecurityName(convertedString);
                        boolean z4 = !this.secConfig.assertLDAPShortName() && this.secConfig.getActiveUserRegistry().equals("LDAP") && (cSIv2EffectivePerformPolicy.getPerformIdentityTokenType() & 8) != 0 && this.secConfig.getIsUseRegistryServerId();
                        if (SecurityLogger.debugTraceEnabled) {
                            str = new StringBuffer().append("performDNAssertion: ").append(z4).toString();
                            SecurityLogger.debugMessage("CSIClientRIBase.determineSecurityContextType", str);
                        }
                        if (z4 || (cSIv2EffectivePerformPolicy.getPerformIdentityTokenType() & 2) == 0) {
                            if (!z4) {
                                SecurityLogger.logError("security.JSAS0490E", new Object[]{"CSIClientRIBase.determineSecurityContextType"});
                                if (cSIv2EffectivePerformPolicy.isStateful() && sessionEntry != null && statefulContextID != 0) {
                                    sessionManager.csi_client_session_status_update(statefulContextID, clientSessionKey, 7);
                                    sessionEntry.set_session_state(7);
                                }
                                throw new NO_PERMISSION("security.JSAS0490E", SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
                            }
                            try {
                                String uniqueSecurityName = wSCredentialFromSubject.getUniqueSecurityName();
                                wSCredentialFromSubject.getRealmUniqueSecurityName();
                                try {
                                    Any create_any = this.orb.create_any();
                                    X501DistinguishedNameHelper.insert(create_any, (byte[]) AccessController.doPrivileged(new PrivilegedExceptionAction(this, uniqueSecurityName) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.8
                                        private final String val$doPriv_Principal;
                                        private final CSIClientRIBase this$0;

                                        {
                                            this.this$0 = this;
                                            this.val$doPriv_Principal = uniqueSecurityName;
                                        }

                                        @Override // java.security.PrivilegedExceptionAction
                                        public Object run() throws Exception {
                                            X509CertSelector x509CertSelector = new X509CertSelector();
                                            x509CertSelector.setIssuer(this.val$doPriv_Principal);
                                            return x509CertSelector.getIssuerAsBytes();
                                        }
                                    }));
                                    identityToken.dn(this.csiUtil.getCodec().encode_value(create_any));
                                    if (SecurityLogger.debugTraceEnabled) {
                                        SecurityLogger.debugMessage("CSIClientRIBase.determineSecurityContextType", new StringBuffer().append("Identity Assertion set to DN name (clientAuthenticationToken): ").append(uniqueSecurityName).toString());
                                    }
                                } catch (PrivilegedActionException e) {
                                    FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.send_request", "2172", this);
                                    SecurityLogger.logError("security.JSAS0622E", new Object[]{"CSIClientRIBase.determineSecurityContextType", e.getException()});
                                    if (cSIv2EffectivePerformPolicy.isStateful() && sessionEntry != null && statefulContextID != 0) {
                                        sessionManager.csi_client_session_status_update(statefulContextID, clientSessionKey, 7);
                                        sessionEntry.set_session_state(7);
                                    }
                                    throw new NO_PERMISSION(new StringBuffer().append("security.JSAS0622E").append("  Privileged exception = ").append(e).toString(), SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
                                } catch (Exception e2) {
                                    FFDCFilter.processException(e2, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.send_request", "2188", this);
                                    SecurityLogger.logError("security.JSAS0622E", new Object[]{"CSIClientRIBase.determineSecurityContextType", e2});
                                    if (cSIv2EffectivePerformPolicy.isStateful() && sessionEntry != null && statefulContextID != 0) {
                                        sessionManager.csi_client_session_status_update(statefulContextID, clientSessionKey, 7);
                                        sessionEntry.set_session_state(7);
                                    }
                                    throw new NO_PERMISSION(new StringBuffer().append("security.JSAS0622E").append("  Original exception = ").append(e2).toString(), SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
                                }
                            } catch (Exception e3) {
                                if (SecurityLogger.debugTraceEnabled) {
                                    str = new StringBuffer().append("Exception occurred getting unique security name from credential: ").append(e3.getMessage()).toString();
                                    SecurityLogger.debugMessage("CSIClientRIBase.determineSecurityContextType", str);
                                    SecurityLogger.traceException("CSIClientRIBase.determineSecurityContextType", e3, 0, 0);
                                }
                                FFDCFilter.processException(e3, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.send_request", "2132", this);
                                throw new NO_PERMISSION(new StringBuffer().append(str).append("  Original exception = ").append(e3).toString(), SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
                            }
                        } else {
                            try {
                                Any create_any2 = this.orb.create_any();
                                if (z2) {
                                    if (securityName != null && securityName.length() > 0 && securityName.indexOf(EndPointMgr.DEFAULT) > -1) {
                                        int length = securityName.length();
                                        StringBuffer stringBuffer = new StringBuffer(2 * length);
                                        for (int i2 = 0; i2 < length; i2++) {
                                            char charAt = securityName.charAt(i2);
                                            if (charAt == '@') {
                                                stringBuffer.append(SecConstants.STRING_ESCAPE_CHARACTER).append(charAt);
                                            } else {
                                                stringBuffer.append(charAt);
                                            }
                                        }
                                        securityName = stringBuffer.toString();
                                    }
                                    GSSFactory gSSFactory = new GSSFactory(GSSUPMechOID.value);
                                    if ((realm == null || realm.equals("")) && securityName != null && !securityName.equals("")) {
                                        GSS_NT_ExportedNameHelper.insert(create_any2, gSSFactory.encodeExportedTargetName(securityName));
                                    } else if (realm == null || realm.equals("") || !(securityName == null || securityName.equals(""))) {
                                        GSS_NT_ExportedNameHelper.insert(create_any2, gSSFactory.encodeExportedTargetName(new StringBuffer().append(securityName).append(EndPointMgr.DEFAULT).append(realm).toString()));
                                    } else {
                                        GSS_NT_ExportedNameHelper.insert(create_any2, gSSFactory.encodeExportedTargetName(new StringBuffer().append(EndPointMgr.DEFAULT).append(realm).toString()));
                                    }
                                } else if (!z && z3) {
                                    GSS_NT_ExportedNameHelper.insert(create_any2, new GSSFactory("oid:1.3.18.0.2.30.2").encodeExportedTargetName(convertedString));
                                }
                                identityToken.principal_name(this.csiUtil.getCodec().encode_value(create_any2));
                                if (SecurityLogger.debugTraceEnabled) {
                                    SecurityLogger.debugMessage("CSIClientRIBase.determineSecurityContextType", new StringBuffer().append("Identity Assertion set to principal_name (clientAuthenticationToken): ").append(securityName).toString());
                                }
                            } catch (Exception e4) {
                                FFDCFilter.processException(e4, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.send_request", "2094", this);
                                SecurityLogger.logError("security.JSAS0622E", new Object[]{"CSIClientRIBase.determineSecurityContextType", e4});
                                if (cSIv2EffectivePerformPolicy.isStateful() && sessionEntry != null && statefulContextID != 0) {
                                    sessionManager.csi_client_session_status_update(statefulContextID, clientSessionKey, 7);
                                    sessionEntry.set_session_state(7);
                                }
                                throw new NO_PERMISSION(new StringBuffer().append("security.JSAS0622E").append("  Original exception = ").append(e4).toString(), SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
                            }
                        }
                    } else if (VaultConstants.ClientCertificate.equals(str2)) {
                        if ((cSIv2EffectivePerformPolicy.getPerformIdentityTokenType() & 4) == 0) {
                            SecurityLogger.logError("security.JSAS0491E", new Object[]{"CSIClientRIBase.determineSecurityContextType"});
                            if (cSIv2EffectivePerformPolicy.isStateful() && sessionEntry != null && statefulContextID != 0) {
                                sessionManager.csi_client_session_status_update(statefulContextID, clientSessionKey, 7);
                                sessionEntry.set_session_state(7);
                            }
                            throw new NO_PERMISSION("security.JSAS0491E", SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
                        }
                        identityToken.certificate_chain(bArr);
                        if (SecurityLogger.debugTraceEnabled) {
                            SecurityLogger.debugMessage("CSIClientRIBase.determineSecurityContextType", "Identity Assertion set to certificates (clientCertificate).");
                        }
                    } else if (VaultConstants.ITTPrincipalName.equals(str2)) {
                        if ((cSIv2EffectivePerformPolicy.getPerformIdentityTokenType() & 2) == 0) {
                            SecurityLogger.logError("security.JSAS0492E", new Object[]{"CSIClientRIBase.determineSecurityContextType"});
                            if (cSIv2EffectivePerformPolicy.isStateful() && sessionEntry != null && statefulContextID != 0) {
                                sessionManager.csi_client_session_status_update(statefulContextID, clientSessionKey, 7);
                                sessionEntry.set_session_state(7);
                            }
                            throw new NO_PERMISSION("security.JSAS0492E", SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
                        }
                        identityToken.principal_name(bArr);
                        if (SecurityLogger.debugTraceEnabled) {
                            SecurityLogger.debugMessage("CSIClientRIBase.determineSecurityContextType", new StringBuffer().append("Identity Assertion set to principal_name (ITTPrincipalName): ").append(StringBytesConversion.getConvertedString(bArr)).toString());
                        }
                    } else if (VaultConstants.ITTDistinguishedName.equals(str2)) {
                        if ((cSIv2EffectivePerformPolicy.getPerformIdentityTokenType() & 8) == 0) {
                            SecurityLogger.logError("security.JSAS0493E", new Object[]{"CSIClientRIBase.determineSecurityContextType"});
                            if (cSIv2EffectivePerformPolicy.isStateful() && sessionEntry != null && statefulContextID != 0) {
                                sessionManager.csi_client_session_status_update(statefulContextID, clientSessionKey, 7);
                                sessionEntry.set_session_state(7);
                            }
                            throw new NO_PERMISSION("security.JSAS0493E", SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
                        }
                        identityToken.dn(bArr);
                        if (SecurityLogger.debugTraceEnabled) {
                            SecurityLogger.debugMessage("CSIClientRIBase.determineSecurityContextType", new StringBuffer().append("Identity Assertion set to distinguished name (ITTDistinguishedName): ").append(StringBytesConversion.getConvertedString(bArr)).toString());
                        }
                    } else if (VaultConstants.ITTX509CertChain.equals(str2)) {
                        if ((cSIv2EffectivePerformPolicy.getPerformIdentityTokenType() & 4) == 0) {
                            SecurityLogger.logError("security.JSAS0491E", new Object[]{"CSIClientRIBase.determineSecurityContextType"});
                            if (cSIv2EffectivePerformPolicy.isStateful() && sessionEntry != null && statefulContextID != 0) {
                                sessionManager.csi_client_session_status_update(statefulContextID, clientSessionKey, 7);
                                sessionEntry.set_session_state(7);
                            }
                            throw new NO_PERMISSION("security.JSAS0491E", SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
                        }
                        identityToken.certificate_chain(bArr);
                        if (SecurityLogger.debugTraceEnabled) {
                            SecurityLogger.debugMessage("CSIClientRIBase.determineSecurityContextType", "Identity Assertion set to certificates (ITTX509CertChain).");
                        }
                    } else if (this.secConfig.getauthenticationTarget() == 4) {
                        identityToken.absent(true);
                        if (SecurityLogger.debugTraceEnabled) {
                            SecurityLogger.debugMessage("CSIClientRIBase.determineSecurityContextType", "Identity Assertion set to absent: ");
                        }
                    }
                } catch (PrivilegedActionException e5) {
                    if (SecurityLogger.debugTraceEnabled) {
                        SecurityLogger.debugMessage("CSIClientRIBase.determineSecurityContextType", new StringBuffer().append("Exception occurred: ").append(e5.getException().getMessage()).toString());
                        SecurityLogger.traceException("CSIClientRIBase.determineSecurityContextType", e5.getException(), 0, 0);
                    }
                    FFDCFilter.processException(e5.getException(), "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.send_request", "1961", this);
                    throw e5.getException();
                }
            } catch (Exception e6) {
                FFDCFilter.processException(e6, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.send_request", "1967", this);
                SecurityLogger.logActivity("CSIClientRIBase.determineSecurityContextType", 0, "Cannot get Identity Values: ");
                if (cSIv2EffectivePerformPolicy.isStateful() && sessionEntry != null && statefulContextID != 0) {
                    sessionManager.csi_client_session_status_update(statefulContextID, clientSessionKey, 7);
                    sessionEntry.set_session_state(7);
                }
                throw new NO_PERMISSION(new StringBuffer().append("Cannot get Identity Values: ").append("  Original exception = ").append(e6).toString(), SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
            }
        }
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIClientRIBase.determineSecurityContextType");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setSecurityContext(ClientRequestInfo clientRequestInfo, SecurityContextImpl securityContextImpl, IdentityToken identityToken, Subject subject, CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy, SessionManager sessionManager, SessionEntry sessionEntry, String str) {
        String str2 = "";
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry("CSIClientRIBase.setSecurityContext");
        }
        long statefulContextID = cSIv2EffectivePerformPolicy.getStatefulContextID();
        ClientSessionKey clientSessionKey = cSIv2EffectivePerformPolicy.getClientSessionKey();
        boolean performIdentityAssertion = cSIv2EffectivePerformPolicy.performIdentityAssertion();
        boolean performClientAuthentication = cSIv2EffectivePerformPolicy.performClientAuthentication();
        WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject);
        if (securityContextImpl == null) {
            SecurityLogger.logError("security.JSAS0120E", new Object[]{"CSIClientRIBase.setSecurityContext"});
            if (cSIv2EffectivePerformPolicy.isStateful() && sessionEntry != null && statefulContextID != 0) {
                sessionManager.csi_client_session_status_update(statefulContextID, clientSessionKey, 7);
                sessionEntry.set_session_state(7);
            }
            throw new NO_PERMISSION("security.JSAS0120E", SecurityMinorCodes.SECURITY_MECHANISM_NOT_SUPPORTED, CompletionStatus.COMPLETED_NO);
        }
        if (performClientAuthentication && !performIdentityAssertion) {
            try {
                if (wSCredentialFromSubject.getCredentialToken() == null && this.secConfig.processIsServer()) {
                    SecurityLogger.debugMessage("CSIClientRIBase.setSecurityContext", "The WSCredential does not contain a forwardable token. Please enable Identity Assertion for this scenario.");
                    throw new NO_PERMISSION("The WSCredential does not contain a forwardable token. Please enable Identity Assertion for this scenario.", SecurityMinorCodes.INVALID_CREDENTIAL_TOKEN, CompletionStatus.COMPLETED_NO);
                }
                securityContextImpl.set_target_host_and_port(cSIv2EffectivePerformPolicy.getTargetHostName());
                securityContextImpl.set_target_realm(str);
                securityContextImpl.setTokenType(VaultConstants.CLIENTAUTH_ONLY);
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIClientRIBase.setSecurityContext", "Setting Client Authentication Token in the SecurityContextImpl. ");
                }
            } catch (Exception e) {
                if (SecurityLogger.debugTraceEnabled) {
                    str2 = new StringBuffer().append("Exception occurred getting token from credential: ").append(e.getMessage()).toString();
                    SecurityLogger.debugMessage("CSIClientRIBase.setSecurityContext", str2);
                    SecurityLogger.traceException("CSIClientRIBase.setSecurityContext", e, 0, 0);
                }
                FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.send_request", "2420", this);
                throw new NO_PERMISSION(new StringBuffer().append(str2).append("  Original exception = ").append(e).toString(), SecurityMinorCodes.CREDENTIAL_NOT_AVAILABLE, CompletionStatus.COMPLETED_NO);
            }
        } else if (performIdentityAssertion && performClientAuthentication) {
            securityContextImpl.setTokenType(VaultConstants.CLIENTAUTH_AND_IDENTITY);
        } else if (performIdentityAssertion) {
            securityContextImpl.setTokenType(VaultConstants.IDENTITY_ONLY);
        }
        securityContextImpl.setIdentityToken(identityToken);
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIClientRIBase.setSecurityContext", "Setting Identity Token in the SecurityContextImpl. ");
        }
        securityContextImpl.setClientSubject(subject);
        securityContextImpl.csi_client_preprotect(clientRequestInfo, securityContextImpl);
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugExit("CSIClientRIBase.setSecurityContext");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean is_local_client_request(ClientRequestInfo clientRequestInfo) {
        if (((ExtendedClientRequestInfo) clientRequestInfo).isLocal()) {
            if (!SecurityLogger.debugTraceEnabled) {
                return true;
            }
            SecurityLogger.debugMessage("CSIClientRIBase.is_local_client_request", "Local ORB request.");
            return true;
        }
        if (!SecurityLogger.debugTraceEnabled) {
            return false;
        }
        SecurityLogger.debugMessage("CSIClientRIBase.is_local_client_request", "Remote ORB request.");
        return false;
    }

    public void send_request_local(ClientRequestInfo clientRequestInfo) throws ForwardRequest {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Subject unwrapSubject(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "CSIClientRIBase.unwrapSubject");
        }
        if (subject == null || !this.secConfig.isRMIOutboundMappingEnabled()) {
            return subject;
        }
        Subject subject2 = (Subject) AccessController.doPrivileged(new PrivilegedAction(this, subject) { // from class: com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase.9
            private final Subject val$subject;
            private final CSIClientRIBase this$0;

            {
                this.this$0 = this;
                this.val$subject = subject;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                Class cls;
                Subject subject3 = this.val$subject;
                if (CSIClientRIBase.class$com$ibm$wsspi$security$auth$WSSubjectWrapper == null) {
                    cls = CSIClientRIBase.class$("com.ibm.wsspi.security.auth.WSSubjectWrapper");
                    CSIClientRIBase.class$com$ibm$wsspi$security$auth$WSSubjectWrapper = cls;
                } else {
                    cls = CSIClientRIBase.class$com$ibm$wsspi$security$auth$WSSubjectWrapper;
                }
                Iterator it = subject3.getPrivateCredentials(cls).iterator();
                if (it == null || !it.hasNext()) {
                    if (CSIClientRIBase.tc.isDebugEnabled()) {
                        Tr.debug(CSIClientRIBase.tc, "unwrapSubject: no embedded subject found");
                    }
                    return this.val$subject;
                }
                if (CSIClientRIBase.tc.isDebugEnabled()) {
                    Tr.debug(CSIClientRIBase.tc, "unwrapSubject: found embedded subject");
                }
                WSSubjectWrapper wSSubjectWrapper = (WSSubjectWrapper) it.next();
                if (it.hasNext()) {
                    Tr.warning(CSIClientRIBase.tc, "Embedded subject contains more than one WSSubjectWrapper object");
                }
                return wSSubjectWrapper.getSubject();
            }
        });
        if (subject2 == null) {
            return subject;
        }
        if (tc.isDebugEnabled()) {
            try {
                WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject2);
                if (wSCredentialFromSubject != null) {
                    Tr.debug(tc, new StringBuffer().append("subject security name = ").append(wSCredentialFromSubject.getSecurityName()).toString());
                } else {
                    Tr.debug(tc, "subject with null WSCredential");
                }
            } catch (Exception e) {
            }
        }
        return subject2;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ISecurityLocalObjectBaseL13Impl$CSIClientRIBase == null) {
            cls = class$("com.ibm.ISecurityLocalObjectBaseL13Impl.CSIClientRIBase");
            class$com$ibm$ISecurityLocalObjectBaseL13Impl$CSIClientRIBase = cls;
        } else {
            cls = class$com$ibm$ISecurityLocalObjectBaseL13Impl$CSIClientRIBase;
        }
        tc = Tr.register(cls, "SASRas", "com.ibm.ISecurityL13SupportImpl.sec");
        list = null;
        auditHandler = null;
        auditFactory = null;
        auditService = null;
    }
}
