package com.ibm.ISecurityLocalObjectCSIv2UtilityImpl;

import com.ibm.CORBA.iiop.ORB;
import com.ibm.CSIv2Security.CSIv2RequirementsNotSatisfied;
import com.ibm.CSIv2Security.CSIv2RequirementsNotSatisfiedReason;
import com.ibm.ISecurityL13SupportImpl.SecurityLogger;
import com.ibm.ISecurityL13SupportImpl.SecurityMessages;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityUtilityImpl.CSIUtil;
import com.ibm.ISecurityUtilityImpl.MechanismFactory;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ISecurityUtilityImpl.SecurityMinorCodes;
import com.ibm.websphere.ras.RasMessage;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.cmdframework.impl.CommandSecurityUtil;
import com.ibm.ws.security.core.ContextManagerFactory;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.StringTokenizer;
import java.util.Vector;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.CompletionStatus;
import org.omg.CSI.KRB5MechOID;
import org.omg.CSIIOP.AS_ContextSec;
import org.omg.CSIIOP.AS_ContextSecHolder;
import org.omg.CSIIOP.SAS_ContextSec;
import org.omg.CSIIOP.SAS_ContextSecHolder;
import org.omg.CSIIOP.ServiceConfiguration;
import org.omg.CSIIOP.TLS_SEC_TRANSHolder;
import org.omg.GSSUP.GSSUPMechOID;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ISecurityLocalObjectCSIv2UtilityImpl/CSIv2EffectivePerformPolicy.class */
public final class CSIv2EffectivePerformPolicy {
    // Request context. evaluateClientAuthLayer() passes _method and _proxy to
    // methodRequiresAuthenticationRegardlessOfPolicy().
    protected String _method = null;
    protected Object _proxy = null;
    protected String _protocol = "csiv2";
    // Assigned by evaluateStatefulness(): the caller's flag AND the configured stateful setting.
    protected boolean _stateful = true;
    protected long _stateful_context_id = 0;
    protected ClientSessionKey _client_session_key = null;
    protected String _connectionKey = "";
    // Fallback returned by getMechanismTypeIdentity() when no GSSUP-specific identity applies.
    protected String _mechTypeIdentity = "";
    // Transport-layer decisions, assigned by evaluateTransportLayer().
    protected boolean _performTLClientAuth = false;
    protected boolean _performTLServerAuth = false;
    protected boolean _performMsgDetectReplay = false;
    protected boolean _performMsgDetectMisordering = false;
    protected boolean _performMsgIntegrity = false;
    protected boolean _performMsgConfidentiality = false;
    protected boolean _performSSLTLS = false;
    // Not assigned by the evaluators visible here; evaluateTransportLayer() rejects the SECIOP tag.
    protected boolean _performSECIOP = false;
    protected String _performSECIOPMechOID = "";
    // Target address taken from the IOR (TLS_SEC_TRANS component and/or IOR profile).
    protected String _targetHostName = "";
    protected int _targetTCPPort = 0;
    protected int _targetSSLPort = 0;
    // Message-layer (client authentication) decisions, assigned by evaluateClientAuthLayer().
    protected boolean _performClientAuth = false;
    protected boolean _claimClientAuthRequired = false;
    // May be reset to null by evaluateClientAuthLayer() when the advertised mechanism is rejected.
    protected String _performClientAuthMechOID = "";
    protected String _targetSecurityName = "";
    // Attribute-layer decisions, assigned by evaluateAttributeLayer().
    protected boolean _performIDAssertion = false;
    protected String[] _performIDANamingMechList = null;
    protected int _performIdentityTokenType = 0;
    // Service configuration names joined with CommandSecurityUtil.PARAM_DELIM; null until populated.
    protected String _performServiceCfgList = null;
    protected boolean _performAuthorizationToken = false;
    protected boolean _performDelegationByClient = false;
    protected boolean _isInternalRequestPolicy = false;
    // Read by evaluateClientAuthLayer() to obtain the target's complete security name.
    protected CSIv2TaggedComponentHolder savedCSIv2Tag = null;
    // Process-wide state shared by every policy instance.
    // NOTE(review): these are non-final and protected, so any class in this package can replace
    // the ORB, the security configuration or the cache; confirm that is intended.
    protected static ORB _orb = null;
    protected static SecurityConfiguration secConfig = null;
    // Raw Hashtable; the key and value types are not visible in this part of the file.
    // presumably caches evaluated policies -- TODO confirm against the code that populates it.
    protected static Hashtable csiv2EffectivePolicyCache = new Hashtable();

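    /**
     * Returns the naming-mechanism OIDs selected for identity assertion by
     * {@code evaluateAttributeLayer}.
     *
     * <p>A copy is returned so that a caller cannot alter the negotiated mechanism list held by
     * this policy object by writing into the returned array.
     *
     * @return a copy of the selected mechanism OID names, or {@code null} when none were selected
     */
    public String[] getPerformIDANamingMechList() {
        String[] selected = this._performIDANamingMechList;
        // Keep null as null: callers may use it to mean "no mechanisms were selected".
        return selected == null ? null : (String[]) selected.clone();
    }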

    /**
     * Returns the identity token type mask computed by {@code evaluateAttributeLayer}: the
     * client's configured identity assertion types ANDed with the types the target advertises.
     *
     * @return the effective identity token type bits; 0 until the attribute layer sets them
     */
    public int getPerformIdentityTokenType() {
        return _performIdentityTokenType;
    }

    /**
     * Reports whether identity assertion was selected by {@code evaluateAttributeLayer}.
     *
     * @return {@code true} when identity assertion will be performed
     */
    public boolean performIdentityAssertion() {
        return _performIDAssertion;
    }

    /**
     * Reports the delegation-by-client flag. None of the evaluators visible in this part of the
     * class assign it, so it keeps its initial value of {@code false} unless set elsewhere.
     *
     * @return the current delegation-by-client flag
     */
    public boolean performDelegationByClient() {
        return _performDelegationByClient;
    }

    /**
     * Reports whether an authorization token will be sent, as decided by
     * {@code evaluateAttributeLayer} from the target's privilege authorities.
     *
     * @return {@code true} when an authorization token will be performed
     */
    public boolean performAuthorizationToken() {
        return _performAuthorizationToken;
    }

    /**
     * Returns the service configuration names collected by {@code evaluateAttributeLayer},
     * joined with {@code CommandSecurityUtil.PARAM_DELIM}.
     *
     * @return the joined names, or {@code null} when none were collected
     */
    public String getServiceCfgList() {
        return _performServiceCfgList;
    }

    /**
     * Returns the OID name of the message-layer client authentication mechanism chosen by
     * {@code evaluateClientAuthLayer}.
     *
     * @return the mechanism OID name; may be {@code null} because the evaluator resets it when
     *     the advertised mechanism is rejected
     */
    public String getPerformClientAuthMechOID() {
        return _performClientAuthMechOID;
    }

    /**
     * Reports whether message-layer client authentication was selected by
     * {@code evaluateClientAuthLayer}.
     *
     * @return {@code true} when client authentication will be performed
     */
    public boolean performClientAuthentication() {
        return _performClientAuth;
    }

    /**
     * Reports whether the target's {@code target_requires} mask carried the client
     * authentication bit (64) when {@code evaluateClientAuthLayer} ran.
     *
     * @return {@code true} when the target claimed that client authentication is required
     */
    public boolean claimClientAuthenticationRequired() {
        return _claimClientAuthRequired;
    }

    /**
     * Returns the target security name that {@code evaluateClientAuthLayer} read from the saved
     * CSIv2 tagged component.
     *
     * @return the target security name; the empty string until the evaluator assigns it
     */
    public String getTargetSecurityName() {
        return _targetSecurityName;
    }

    /**
     * Returns the target host name that {@code evaluateTransportLayer} took from the IOR.
     *
     * @return the target host name; the empty string until the evaluator assigns it
     */
    public String getTargetHostName() {
        return _targetHostName;
    }

    /**
     * Returns the target's TCP port as read from the IOR profile by
     * {@code evaluateTransportLayer}.
     *
     * @return the TCP port, or 0 when the evaluator did not assign one
     */
    public int getTargetTCPPort() {
        return _targetTCPPort;
    }

    /**
     * Returns the target's SSL port as read from the TLS_SEC_TRANS component by
     * {@code evaluateTransportLayer}.
     *
     * @return the SSL port, or 0 when the evaluator did not assign one
     */
    public int getTargetSSLPort() {
        return _targetSSLPort;
    }

    /**
     * Returns the mechanism type identity for the negotiated client authentication.
     *
     * <p>When client authentication is performed with GSSUP the result depends on the transport:
     * {@code "1.5"} over SSL/TLS, {@code MechanismFactory.GSSUPOverTCP} otherwise. Every other
     * case, Kerberos included, yields the stored {@code _mechTypeIdentity}.
     *
     * @return the mechanism type identity string
     */
    public String getMechanismTypeIdentity() {
        if (!this._performClientAuth) {
            return this._mechTypeIdentity;
        }
        if (OID.compareOIDs(this._performClientAuthMechOID, GSSUPMechOID.value)) {
            return this._performSSLTLS ? "1.5" : MechanismFactory.GSSUPOverTCP;
        }
        // The Kerberos branches are empty in this listing, so the comparison result is unused;
        // the call is kept so the sequence of OID.compareOIDs invocations is unchanged.
        OID.compareOIDs(this._performClientAuthMechOID, KRB5MechOID.value);
        return this._mechTypeIdentity;
    }

    /**
     * Returns the SECIOP mechanism OID. The evaluators visible in this part of the class never
     * assign it, so it keeps its initial empty string unless set elsewhere.
     *
     * @return the SECIOP mechanism OID name
     */
    public String getPerformSECIOPMechOID() {
        return _performSECIOPMechOID;
    }

    /**
     * Reports whether {@code evaluateTransportLayer} decided to use SSL/TLS for the request.
     *
     * @return {@code true} when SSL/TLS will be used
     */
    public boolean performSSLTLS() {
        return _performSSLTLS;
    }

    /**
     * Reports the SECIOP flag. {@code evaluateTransportLayer} rejects the SECIOP transport tag
     * and never sets this flag, so it stays {@code false} unless assigned elsewhere.
     *
     * @return the current SECIOP flag
     */
    public boolean performSECIOP() {
        return _performSECIOP;
    }

    /**
     * Reports whether {@code evaluateTransportLayer} selected confidentiality (encryption) for
     * the connection.
     *
     * @return {@code true} when confidentiality will be performed
     */
    public boolean performMsgConfidentiality() {
        return _performMsgConfidentiality;
    }

    /**
     * Reports whether {@code evaluateTransportLayer} selected integrity protection for the
     * connection.
     *
     * @return {@code true} when integrity protection will be performed
     */
    public boolean performMsgIntegrity() {
        return _performMsgIntegrity;
    }

    /**
     * Reports the misordering-detection flag. {@code evaluateTransportLayer} sets it to
     * {@code true} unconditionally on every path that reaches the end of its evaluation.
     *
     * @return {@code true} when misordering detection is flagged
     */
    public boolean performMsgDetectMisordering() {
        return _performMsgDetectMisordering;
    }

    /**
     * Reports the replay-detection flag. {@code evaluateTransportLayer} sets it to {@code true}
     * unconditionally on every path that reaches the end of its evaluation.
     *
     * @return {@code true} when replay detection is flagged
     */
    public boolean performMsgDetectReplay() {
        return _performMsgDetectReplay;
    }

    /**
     * Reports whether {@code evaluateTransportLayer} selected client authentication at the
     * transport layer (SSL client certificate).
     *
     * @return {@code true} when transport-layer client authentication will be performed
     */
    public boolean performTLClientAuth() {
        return _performTLClientAuth;
    }

    /**
     * Reports the transport-layer server authentication flag. {@code evaluateTransportLayer}
     * sets it to {@code true} without consulting the target's advertised options.
     *
     * @return {@code true} when transport-layer server authentication is flagged
     */
    public boolean performTLServerAuth() {
        return _performTLServerAuth;
    }

    /**
     * Decides whether the request uses a stateful security context: only when the caller asks
     * for it and the client configuration enables stateful sessions.
     *
     * @param z whether the caller allows a stateful context
     * @param vector error-message sink; not written by this method
     * @throws CSIv2RequirementsNotSatisfied declared for symmetry with the other evaluators;
     *     this method does not throw it
     */
    private void evaluateStatefulness(boolean z, Vector vector) throws CSIv2RequirementsNotSatisfied {
        boolean statefulSelected = false;
        if (z) {
            // The configuration is consulted only when the caller allows statefulness.
            statefulSelected = secConfig.getCSIv2PerformStateful();
        }
        this._stateful = statefulSelected;
        if (SecurityLogger.debugTraceEnabled) {
            String traceText = "Stateful request? " + this._stateful;
            SecurityLogger.debugMessage("CSIv2EffectivePerformPolicy.evaluateStatefulness", traceText);
        }
    }

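    /**
     * Derives the transport-layer part of the effective policy by combining the options the
     * target advertises in its CSIv2 tagged component with the client's security configuration.
     *
     * <p>Transport tags handled: 36 (TLS_SEC_TRANS), 34 (no transport security advertised) and
     * 35 (SECIOP, always rejected). Within the option masks, bit 64 is client authentication,
     * bit 4 confidentiality and bit 2 integrity. Mismatches are appended to {@code vector} and
     * accumulated, so one exception at the end reports all of them.
     *
     * <p>Security notes:
     * <ul>
     *   <li>The tagged component comes from the target's IOR. When it advertises tag 34 and the
     *       client only <em>supports</em> SSL/TLS, the request proceeds without SSL/TLS; only the
     *       "required" setting turns that into a failure.</li>
     *   <li>{@code _performTLServerAuth}, {@code _performMsgDetectReplay} and
     *       {@code _performMsgDetectMisordering} are set to {@code true} regardless of whether
     *       SSL/TLS was selected.</li>
     * </ul>
     *
     * @param cSIv2TaggedComponent the target's CSIv2 tagged component; {@code null} is rejected
     * @param vector receives one message per failed requirement
     * @param i when greater than 1, a target that does not accept SSL client certificates is a
     *     failure rather than a silent fallback -- presumably a component count or attempt
     *     number; TODO confirm against the caller
     * @throws CSIv2RequirementsNotSatisfied when any transport-layer requirement cannot be met
     */
    private void evaluateTransportLayer(CSIv2TaggedComponent cSIv2TaggedComponent, Vector vector, int i) throws CSIv2RequirementsNotSatisfied {
        boolean z = false;
        if (cSIv2TaggedComponent == null) {
            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0600E", "JSAS0600E: CSIv2 Tagged Component is NULL."));
            // Fail here with the declared exception: continuing would dereference the null
            // component below and surface a NullPointerException instead of JSAS0600E.
            throw new CSIv2RequirementsNotSatisfied(CSIv2RequirementsNotSatisfiedReason.NotSatisfiedByClient, SecurityMessages.getMsgOrUseDefault("JSAS0550I", "JSAS0550I: Evaluation of the transport layer failed."));
        }
        int i2 = cSIv2TaggedComponent.get_Transport_tagID();
        // s = target_supports, s2 = target_requires; both stay 0 unless the TLS tag is present.
        short s = 0;
        short s2 = 0;
        if (i2 == 36) {
            TLS_SEC_TRANSHolder tls_sec_trans = cSIv2TaggedComponent.getTLS_SEC_TRANS();
            s = tls_sec_trans.value.target_supports;
            s2 = tls_sec_trans.value.target_requires;
            // NOTE(review): the holder, its value and addresses[0] are used unchecked; an IOR
            // with an empty address list would raise an unchecked exception here.
            this._targetHostName = tls_sec_trans.value.addresses[0].host_name;
            this._targetSSLPort = tls_sec_trans.value.addresses[0].port;
            if (cSIv2TaggedComponent.getIORProfile() != null) {
                this._targetTCPPort = cSIv2TaggedComponent.getIORProfile().getPort();
            }
            if (secConfig.getCSIv2PerformTransportAssocSSLTLSSupported() || secConfig.getCSIv2PerformTransportAssocSSLTLSRequired()) {
                this._performSSLTLS = true;
            } else {
                this._performSSLTLS = false;
            }
        } else {
            if (i2 == 34) {
                // The target advertises no transport security: plain TCP, unless the client
                // configuration requires SSL/TLS.
                if (cSIv2TaggedComponent.getIORProfile() != null) {
                    this._targetHostName = cSIv2TaggedComponent.getIORProfile().getHost();
                }
                if (cSIv2TaggedComponent.getIORProfile() != null) {
                    this._targetTCPPort = cSIv2TaggedComponent.getIORProfile().getPort();
                }
                this._performSSLTLS = false;
                this._performTLClientAuth = false;
                this._performMsgIntegrity = false;
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage("CSIv2EffectivePerformPolicy.evaluateTransportLayer", new StringBuffer().append("Perform SSL/TLS: ").append(this._performSSLTLS).append(", Perform client auth at transport layer: ").append(this._performTLClientAuth).append(", Perform integrity at transport layer: ").append(this._performMsgIntegrity).append(", Perform confidentiality at transport layer: ").append(this._performMsgConfidentiality).append(", Target Host: ").append(this._targetHostName).append(", Target TCP Port: ").append(this._targetTCPPort).append(", Target SSL Port: ").append(this._targetSSLPort).toString());
                }
                if (secConfig.getCSIv2PerformTransportAssocSSLTLSRequired()) {
                    vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0603E", "JSAS0603E: The server does not support SSL/TLS, but the client is configured to require it."));
                    throw new CSIv2RequirementsNotSatisfied(CSIv2RequirementsNotSatisfiedReason.NotSatisfiedByClient, SecurityMessages.getMsgOrUseDefault("JSAS0550I", "JSAS0550I: Evaluation of the transport layer failed."));
                }
                return;
            }
            if (i2 == 35) {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0601E", "JSAS0601E: The CSIv2 client configuration does not support SECIOP."));
                z = true;
            } else {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0602E", "JSAS0602E: No valid transport tagged components exist in the IOR."));
                z = true;
            }
        }
        // Target advertises no transport options at all, but the client requires SSL/TLS.
        if (s2 == 0 && s == 0 && secConfig.getCSIv2PerformTransportAssocSSLTLSRequired()) {
            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0603E", "JSAS0603E: The server does not support SSL/TLS, but the client is configured to require it."));
            z = true;
        }
        // Client has SSL/TLS disabled and no plain TCP port was found to fall back to.
        if (!secConfig.getCSIv2PerformTransportAssocSSLTLSSupported() && !secConfig.getCSIv2PerformTransportAssocSSLTLSRequired() && this._targetTCPPort == 0) {
            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0608E", "JSAS0608E: The server requires SSL Confidentiality but the client does not support it."));
            z = true;
        }
        // Transport-layer client authentication (bit 64): required / not supported / supported.
        if (secConfig.getCSIv2PerformTLClientAuthenticationRequired() && this._performSSLTLS) {
            if ((s2 & 64) != 0 || (s & 64) != 0) {
                this._performTLClientAuth = true;
            } else if (i > 1) {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0604E", "JSAS0604E: The client is configured to require SSL client authentication but the server does not support it."));
                z = true;
            } else {
                // With i <= 1 a "required" client setting is silently relaxed instead of failing.
                this._performTLClientAuth = false;
            }
        } else if (!secConfig.getCSIv2PerformTLClientAuthenticationSupported() || !this._performSSLTLS) {
            if ((s2 & 64) != 0) {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0606E", "JSAS0606E: The server is configured to require SSL client certificate authentication but the client does not support it."));
                z = true;
            }
            this._performTLClientAuth = false;
        } else if ((s2 & 64) != 0 || (s & 64) != 0) {
            this._performTLClientAuth = true;
        } else if (i > 1) {
            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0605E", "JSAS0605E: The client is configured to support SSL client certificate authentication, however the server does not accept them."));
            z = true;
        } else {
            this._performTLClientAuth = false;
        }
        // Set without consulting the target's options or whether SSL/TLS was selected.
        this._performTLServerAuth = true;
        // Confidentiality (bit 4): required / not supported / supported.
        if (secConfig.getCSIv2PerformMessageConfidentialityRequired() && this._performSSLTLS) {
            if ((s2 & 4) == 0 && (s & 4) == 0) {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0607E", "JSAS0607E: The client is configured to require SSL Confidentiality but the server does not support it."));
                z = true;
            } else {
                this._performMsgConfidentiality = true;
            }
        } else if (!secConfig.getCSIv2PerformMessageConfidentialitySupported() || !this._performSSLTLS) {
            if ((s2 & 4) != 0) {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0608E", "JSAS0608E: The server is configured to require Confidentiality but the client does not support it."));
                z = true;
            }
            this._performMsgConfidentiality = false;
        } else if ((s2 & 4) == 0 && (s & 4) == 0) {
            this._performMsgConfidentiality = false;
        } else {
            this._performMsgConfidentiality = true;
        }
        // Integrity (bit 2): required / not supported / supported.
        if (secConfig.getCSIv2PerformMessageIntegrityRequired() && this._performSSLTLS) {
            if ((s2 & 2) == 0 && (s & 2) == 0) {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0609E", "JSAS0609E: The client is configured to require SSL Integrity but the server does not support it."));
                z = true;
            } else {
                this._performMsgIntegrity = true;
            }
        } else if (!secConfig.getCSIv2PerformMessageIntegritySupported() || !this._performSSLTLS) {
            // Unlike the confidentiality case, a server-required bit is reported here only when
            // SSL/TLS is in use.
            if ((s2 & 2) != 0 && this._performSSLTLS) {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0610E", "JSAS0610E: The server is configured to require SSL Integrity but the client does not support it."));
                z = true;
            }
            this._performMsgIntegrity = false;
        } else if ((s2 & 2) == 0 && (s & 2) == 0) {
            this._performMsgIntegrity = false;
        } else {
            this._performMsgIntegrity = true;
        }
        this._performMsgDetectReplay = true;
        this._performMsgDetectMisordering = true;
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIv2EffectivePerformPolicy.evaluateTransportLayer", new StringBuffer().append("Perform SSL/TLS: ").append(this._performSSLTLS).append(", Perform client auth at transport layer: ").append(this._performTLClientAuth).append(", Perform integrity at transport layer: ").append(this._performMsgIntegrity).append(", Perform confidentiality at transport layer: ").append(this._performMsgConfidentiality).append(", Target Host: ").append(this._targetHostName).append(", Target TCP Port: ").append(this._targetTCPPort).append(", Target SSL Port: ").append(this._targetSSLPort).toString());
        }
        if (z) {
            throw new CSIv2RequirementsNotSatisfied(CSIv2RequirementsNotSatisfiedReason.NotSatisfiedByClient, SecurityMessages.getMsgOrUseDefault("JSAS0550I", "JSAS0550I: Evaluation of the transport layer failed."));
        }
    }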

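    /**
     * Derives the message-layer (client authentication) part of the effective policy from the
     * target's {@code AS_ContextSec} and the client's security configuration.
     *
     * <p>Bit 64 in the option masks means client authentication. The method decides whether to
     * authenticate, records the target security name and the mechanism OID, and checks that the
     * advertised mechanism matches the client's configured authentication target. Judging by the
     * messages used below, target 6 is Kerberos, 1 is LTPA and 8 is a custom mechanism.
     * Mismatches are appended to {@code vector} and reported together in one exception.
     *
     * <p>Security notes:
     * <ul>
     *   <li>If the target security name <em>starts with</em> any configured supported target
     *       realm, all mechanism-OID validation is skipped. This is a prefix comparison, not an
     *       exact realm match, so configured realm values should be chosen with that in mind.</li>
     *   <li>The mechanism bytes, the target name and the option masks all come from the target's
     *       IOR and should be treated as untrusted input.</li>
     * </ul>
     *
     * @param aS_ContextSecHolder holder for the target's authentication-layer description; a
     *     {@code null} holder or {@code null} value is reported as JSAS0611E
     * @param vector receives one message per failed requirement
     * @throws CSIv2RequirementsNotSatisfied when any message-layer requirement cannot be met
     */
    private void evaluateClientAuthLayer(AS_ContextSecHolder aS_ContextSecHolder, Vector vector) throws CSIv2RequirementsNotSatisfied {
        boolean z = false;
        if (aS_ContextSecHolder == null || aS_ContextSecHolder.value == null) {
            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0611E", "JSAS0611E: No authentication mechanism is defined at client authentication layer."));
            z = true;
        }
        // Guard the dereference: a null holder has already been recorded as a failure above and
        // must end in CSIv2RequirementsNotSatisfied, not in a NullPointerException.
        AS_ContextSec aS_ContextSec = aS_ContextSecHolder == null ? null : aS_ContextSecHolder.value;
        // Result unused in this listing; kept in case the constructor has side effects.
        new CSIUtil();
        if (aS_ContextSec != null) {
            // s = target_supports, s2 = target_requires, bArr = mechanism OID bytes,
            // bArr2 = encoded target name.
            short s = aS_ContextSec.target_supports;
            short s2 = aS_ContextSec.target_requires;
            byte[] bArr = aS_ContextSec.client_authentication_mech;
            byte[] bArr2 = aS_ContextSec.target_name;
            if ((s2 & 64) != 0) {
                this._claimClientAuthRequired = true;
            }
            if (secConfig.getCSIv2PerformClientAuthenticationRequired()) {
                if ((s & 64) == 0 && (s2 & 64) == 0) {
                    vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0612E", "JSAS0612E: The client requires client authentication (e.g., userid/password), but the server does not support it."));
                    z = true;
                }
                this._performClientAuth = true;
            } else if (secConfig.getCSIv2PerformClientAuthenticationSupported()) {
                if ((s & 64) == 0 && (s2 & 64) == 0) {
                    this._performClientAuth = false;
                    if (s == 0) {
                        // Target supports nothing at this layer: done, and no trace is emitted.
                        return;
                    }
                } else {
                    this._performClientAuth = true;
                }
            } else if ((s2 & 64) != 0) {
                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0613E", "JSAS0613E: The server requires client authentication (e.g., userid/password), but the client does not support it."));
                z = true;
            } else if (methodRequiresAuthenticationRegardlessOfPolicy(this._method, this._proxy)) {
                // Some methods authenticate even when the configuration disables it.
                this._performClientAuth = true;
            } else {
                this._performClientAuth = false;
            }
            if (this._performClientAuth) {
                if (bArr2 == null) {
                    this._performClientAuth = false;
                    vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0618E", "JSAS0618E: The target security name is NULL in CSIv2 tagged component."));
                    z = true;
                } else if (this.savedCSIv2Tag != null && this.savedCSIv2Tag.value != null) {
                    this._targetSecurityName = this.savedCSIv2Tag.value.get_targetCompleteName();
                }
                String supportedTargetRealms = secConfig.getSupportedTargetRealms();
                // z2 == true means "validate the mechanism OID"; a realm prefix match clears it.
                boolean z2 = true;
                if (supportedTargetRealms != null && !supportedTargetRealms.equals("")) {
                    StringTokenizer stringTokenizer = new StringTokenizer(supportedTargetRealms, CommandSecurityUtil.PARAM_DELIM);
                    while (stringTokenizer.hasMoreTokens()) {
                        // NOTE(review): prefix match, and _targetSecurityName would raise a
                        // NullPointerException here if get_targetCompleteName() returned null.
                        if (this._targetSecurityName.startsWith(stringTokenizer.nextToken())) {
                            z2 = false;
                        }
                    }
                }
                // NOTE(review): GSSFactory is constructed before bArr is null-checked below;
                // how it treats a null array is not visible in this file.
                this._performClientAuthMechOID = new GSSFactory(bArr).getOIDName();
                if (z2) {
                    if (bArr == null) {
                        this._performClientAuth = false;
                        vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0611E", "JSAS0611E: No authentication mechanism is defined at client authentication layer."));
                        z = true;
                    } else if (!OID.compareOIDs(this._performClientAuthMechOID, GSSUPMechOID.value) && !OID.compareOIDs(this._performClientAuthMechOID, KRB5MechOID.value) && !OID.compareOIDs(this._performClientAuthMechOID, "oid:1.3.18.0.2.30.2") && !OID.compareOIDs(this._performClientAuthMechOID, secConfig.getWSSecurityContextCustomOID())) {
                        // Mechanism is none of the four accepted OIDs: drop authentication, and
                        // fail only when either side requires it.
                        this._performClientAuth = false;
                        this._performClientAuthMechOID = null;
                        if ((s2 & 64) != 0 || secConfig.getCSIv2PerformClientAuthenticationRequired()) {
                            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0614E", "JSAS0614E: The OID supplied by the server is an unsupported OID for this WebSphere release."));
                            z = true;
                        }
                    } else if (!performIdentityAssertion()) {
                        // The advertised mechanism must match the client's configured target;
                        // on a mismatch fail if required, otherwise drop authentication.
                        if (OID.compareOIDs(this._performClientAuthMechOID, KRB5MechOID.value) || secConfig.getauthenticationTarget() != 6) {
                            if (OID.compareOIDs(this._performClientAuthMechOID, "oid:1.3.18.0.2.30.2") || secConfig.getauthenticationTarget() != 1) {
                                if (!OID.compareOIDs(this._performClientAuthMechOID, secConfig.getWSSecurityContextCustomOID()) && secConfig.getauthenticationTarget() == 8) {
                                    boolean lTPASupportedWithKerberos = secConfig.getLTPASupportedWithKerberos();
                                    if (!OID.compareOIDs(this._performClientAuthMechOID, "oid:1.3.18.0.2.30.2") && !lTPASupportedWithKerberos) {
                                        if ((s2 & 64) != 0 || secConfig.getCSIv2PerformClientAuthenticationRequired()) {
                                            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0617E", "JSAS0617E: The client configuration specifies the Custom authentication mechanism, but the server does not support it."));
                                            z = true;
                                        } else {
                                            this._performClientAuth = false;
                                            this._performClientAuthMechOID = null;
                                        }
                                    }
                                }
                            } else if ((s2 & 64) != 0 || secConfig.getCSIv2PerformClientAuthenticationRequired()) {
                                vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0616E", "JSAS0616E: The client configuration specifies the LTPA authentication mechanism, but the server does not support it."));
                                z = true;
                            } else {
                                this._performClientAuth = false;
                                this._performClientAuthMechOID = null;
                            }
                        } else if ((s2 & 64) != 0 || secConfig.getCSIv2PerformClientAuthenticationRequired()) {
                            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0615E", "JSAS0615E: The client configuration specifies the Kerberos authentication mechanism, but the server does not support it."));
                            z = true;
                        } else {
                            this._performClientAuth = false;
                            this._performClientAuthMechOID = null;
                        }
                    }
                }
            }
        } else if (secConfig.getCSIv2PerformClientAuthenticationRequired()) {
            // The missing description was already reported above; the repeated message is
            // existing behaviour when the client also requires authentication.
            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0611E", "JSAS0611E: No authentication mechanism is defined at client authentication layer."));
            z = true;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIv2EffectivePerformPolicy.evaluateClientAuthLayer", new StringBuffer().append("Perform client authentication at message layer: ").append(this._performClientAuth).append(", Perform client auth mechanism: ").append(this._performClientAuthMechOID).append(", Target Name at message layer: ").append(this._targetSecurityName).toString());
        }
        if (z) {
            throw new CSIv2RequirementsNotSatisfied(CSIv2RequirementsNotSatisfiedReason.NotSatisfiedByClient, SecurityMessages.getMsgOrUseDefault("JSAS0551I", "JSAS0551I: Evaluation of the message layer failed."));
        }
    }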

    private void evaluateAttributeLayer(SAS_ContextSecHolder sAS_ContextSecHolder, Vector vector) throws CSIv2RequirementsNotSatisfied {
        String str = null;
        boolean z = false;
        SAS_ContextSec sAS_ContextSec = sAS_ContextSecHolder.value;
        if (sAS_ContextSec != null) {
            short s = sAS_ContextSec.target_supports;
            short s2 = sAS_ContextSec.target_requires;
            byte[][] bArr = sAS_ContextSec.supported_naming_mechanisms;
            int i = sAS_ContextSec.supported_identity_types;
            ServiceConfiguration[] serviceConfigurationArr = sAS_ContextSec.privilege_authorities;
            if (secConfig.getCSIv2PerformIdentityAssertionRequired()) {
                if (bArr == null || bArr.length == 0) {
                    str = SecurityMessages.getMsgOrUseDefault("JSAS0620E", "JSAS0620E: No supported naming mechanisms are defined in attribute layer for Identity Assertion.");
                    vector.addElement(str);
                    z = true;
                }
                if (i == 0) {
                    str = SecurityMessages.getMsgOrUseDefault("JSAS0621E", "JSAS0621E: The target server does not support any identity token types.");
                    vector.addElement(str);
                    z = true;
                }
                if ((s & 1024) == 0 && (s2 & 1024) == 0) {
                    str = SecurityMessages.getMsgOrUseDefault("JSAS0619E", "JSAS0619E: The sending server requires Identity Assertion but the receiving server does not support it.");
                    vector.addElement(str);
                    z = true;
                }
                if (!z) {
                    this._performIDAssertion = true;
                }
            } else if (secConfig.getCSIv2PerformIdentityAssertionSupported() && ((s & 1024) != 0 || (s2 & 1024) != 0)) {
                if (i != 0 && bArr != null && bArr.length > 0) {
                    this._performIDAssertion = true;
                } else if (i == 0) {
                    str = SecurityMessages.getMsgOrUseDefault("JSAS0621E", "JSAS0621E: The target server does not support any identity token types.");
                    vector.addElement(str);
                    z = true;
                } else if (bArr == null || bArr.length == 0) {
                    str = SecurityMessages.getMsgOrUseDefault("JSAS0620E", "JSAS0620E: No supported naming mechanisms are defined in attribute layer for Identity Assertion.");
                    vector.addElement(str);
                    z = true;
                }
            }
            if (this._performIDAssertion) {
                Vector vector2 = new Vector();
                for (byte[] bArr2 : bArr) {
                    String oIDName = new GSSFactory(bArr2).getOIDName();
                    if (OID.compareOIDs(oIDName, KRB5MechOID.value)) {
                        if (secConfig.getCSIv2PerformIdentityAssertionMechanism() == 6) {
                            vector2.addElement(oIDName);
                        }
                    } else if (OID.compareOIDs(oIDName, GSSUPMechOID.value)) {
                        if (secConfig.getCSIv2PerformIdentityAssertionMechanism() == 4 || secConfig.getCSIv2PerformIdentityAssertionMechanism() == 6 || secConfig.getCSIv2PerformIdentityAssertionMechanism() == 2 || secConfig.getCSIv2PerformIdentityAssertionMechanism() == 1) {
                            vector2.addElement(oIDName);
                        }
                    } else if (OID.compareOIDs(oIDName, "oid:1.3.18.0.2.30.2")) {
                        if (secConfig.getCSIv2PerformIdentityAssertionMechanism() == 1) {
                            vector2.addElement(oIDName);
                        }
                    } else if (!OID.compareOIDs(oIDName, secConfig.getWSSecurityContextCustomOID())) {
                        str = SecurityMessages.getMsgOrUseDefault("JSAS0620E", "JSAS0620E: No supported naming mechanisms are defined in attribute layer for Identity Assertion.");
                        vector.addElement(str);
                        z = true;
                    } else if (secConfig.getCSIv2PerformIdentityAssertionMechanism() == 8) {
                        vector2.addElement(oIDName);
                    }
                }
                if (vector2.size() != 0) {
                    this._performIDANamingMechList = new String[vector2.size()];
                    for (int i2 = 0; i2 < vector2.size(); i2++) {
                        this._performIDANamingMechList[i2] = (String) vector2.elementAt(i2);
                    }
                }
                this._performIdentityTokenType = secConfig.getCSIv2PerformIdentityAssertionType() & i;
                this._performIDAssertion = true;
            }
            if (secConfig.isRMIOutboundPropagationEnabled() && serviceConfigurationArr != null) {
                for (int i3 = 0; i3 < serviceConfigurationArr.length; i3++) {
                    ServiceConfiguration serviceConfiguration = serviceConfigurationArr[i3];
                    if (serviceConfiguration.name != null && serviceConfiguration.name.length > 0) {
                        if (SecurityLogger.debugTraceEnabled) {
                            SecurityLogger.debugMessage("CSIv2EffectivePerformPolicy.evaluateAttributeLayer", new StringBuffer().append("Logging current service config syntax: ").append(serviceConfiguration.syntax).toString());
                            SecurityLogger.debugMessage("CSIv2EffectivePerformPolicy.evaluateAttributeLayer", new StringBuffer().append("Logging current service config bytes (size=").append(serviceConfiguration.name.length).append("): ").toString());
                            SecurityLogger.debugMessage("CSIv2EffectivePerformPolicy.evaluateAttributeLayer", serviceConfiguration.name);
                        }
                        String str2 = "";
                        if (serviceConfiguration.syntax == 324817) {
                            if (SecurityLogger.debugTraceEnabled) {
                                SecurityLogger.debugMessage("CSIv2EffectivePerformPolicy.evaluateAttributeLayer", "Service config syntax is SCS_GSSExportedName.");
                            }
                            try {
                                str2 = VaultImpl.getInstance().getGSSFactory(GSSUPMechOID.value).decodeExportedTargetName(serviceConfiguration.name);
                            } catch (GSSEncodeDecodeException e) {
                                FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy.evaluateAttributeLayer", "1231", this);
                                throw new BAD_PARAM(new StringBuffer().append(str).append("  Original exception = ").append(e).toString(), SecurityMinorCodes.GSS_FORMAT_ERROR, CompletionStatus.COMPLETED_NO);
                            }
                        } else if (serviceConfiguration.syntax == 1229066446) {
                            if (SecurityLogger.debugTraceEnabled) {
                                SecurityLogger.debugMessage("CSIv2EffectivePerformPolicy.evaluateAttributeLayer", "Service config syntax is CSIV2_PRIV_ATTR_SYNTAX.");
                            }
                            str2 = ORB.createCDRInputStream(_orb, serviceConfiguration.name, serviceConfiguration.name.length).read_string();
                        }
                        if (ContextManagerFactory.getInstance().processIsServer() && str2 != null && str2.equals(ContextManagerFactory.getInstance().getDefaultRealm())) {
                            this._performAuthorizationToken = true;
                        } else if (ContextManagerFactory.getInstance().processIsServer()) {
                            String supportedTargetRealms = secConfig.getSupportedTargetRealms();
                            if (supportedTargetRealms != null && !supportedTargetRealms.equals("")) {
                                StringTokenizer stringTokenizer = new StringTokenizer(supportedTargetRealms, CommandSecurityUtil.PARAM_DELIM);
                                while (true) {
                                    if (stringTokenizer.hasMoreTokens()) {
                                        if (stringTokenizer.nextToken().equalsIgnoreCase(str2)) {
                                            this._performAuthorizationToken = true;
                                            break;
                                        }
                                    } else {
                                        break;
                                    }
                                }
                            }
                            if (!this._performAuthorizationToken) {
                                str = "security.JSAS1479W";
                                SecurityLogger.logWarning(str, new Object[]{str2, ContextManagerFactory.getInstance().getDefaultRealm()});
                            }
                        } else {
                            this._performAuthorizationToken = true;
                        }
                        if (i3 == 0) {
                            this._performServiceCfgList = str2;
                        } else {
                            this._performServiceCfgList = new StringBuffer().append(this._performServiceCfgList).append(CommandSecurityUtil.PARAM_DELIM).append(str2).toString();
                        }
                    }
                }
            }
        } else if (secConfig.getCSIv2PerformIdentityAssertionRequired()) {
            vector.addElement(SecurityMessages.getMsgOrUseDefault("JSAS0619E", "JSAS0619E: The sending server requires Identity Assertion but the receiving server does not support it."));
            z = true;
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIv2EffectivePerformPolicy.evaluateAttributeLayer", new StringBuffer().append("Perform identity assertion at attribute layer: ").append(this._performIDAssertion).append(", Perform authorization token at attribute layer: ").append(this._performAuthorizationToken).append(", Authorization service configuration names: ").append(this._performServiceCfgList).toString());
        }
        if (z) {
            throw new CSIv2RequirementsNotSatisfied(CSIv2RequirementsNotSatisfiedReason.NotSatisfiedByClient, SecurityMessages.getMsgOrUseDefault("JSAS0552I", "JSAS0552I: Evaluation of the attribute layer failed."));
        }
    }

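    /**
     * Evaluates the target's CSIv2 tagged components in order and configures this policy from
     * the first one that {@link #evaluate} accepts.
     *
     * <p>On success the policy may be stored in {@code csiv2EffectivePolicyCache} under the
     * tagged-component array and {@code this} is returned. If no component is accepted, the
     * failure reasons collected for the <em>last</em> component evaluated are logged as a
     * warning and carried in the thrown exception; reasons from earlier components are dropped
     * because the reason list is recreated on every iteration.
     *
     * <p>NOTE(review): the lock taken by {@code synchronized} is per instance, while the cache is
     * referenced without {@code this} and looks like shared static state. Confirm the cache type
     * is safe for concurrent {@code clear()}/{@code put()}.
     *
     * <p>NOTE(review): the object placed in the cache is the same object handed back to the
     * caller, so later setter calls on the returned policy also change the cached entry that
     * {@code clone()} copies from. Verify this aliasing is intended.
     *
     * @param cSIv2TaggedComponentArr the CSIv2 tagged components to evaluate; must not be empty
     * @param str value stored in {@code _method}; may be {@code null}
     * @param obj value stored in {@code _proxy}; may be {@code null}
     * @return this policy, configured from the first accepted tagged component
     * @throws CSIv2RequirementsNotSatisfied if the array is empty or no component is accepted
     */
    public final synchronized CSIv2EffectivePerformPolicy getEffectivePolicy(CSIv2TaggedComponent[] cSIv2TaggedComponentArr, String str, Object obj) throws CSIv2RequirementsNotSatisfied {
        final String traceId = "CSIv2EffectivePerformPolicy.getEffectivePolicy";
        final String serverMismatch = "SECURITY CLIENT/SERVER CONFIG MISMATCH:  The server does not support the client configuration.";
        this._method = str;
        this._proxy = obj;
        SecurityLogger.debugMessage(traceId, "Enter getEffectivePolicy.");
        final int tagCount = cSIv2TaggedComponentArr.length;
        if (tagCount <= 0) {
            throw new CSIv2RequirementsNotSatisfied(CSIv2RequirementsNotSatisfiedReason.NotSatisfiedByTarget, "There are no CSIv2 Tagged Components in the List.");
        }
        Vector reasons = null;
        for (int i = 0; i < tagCount; i++) {
            CSIv2TaggedComponentHolder holder = new CSIv2TaggedComponentHolder(cSIv2TaggedComponentArr[i]);
            // A fresh list per tag: only the last tag's reasons survive to the final report.
            reasons = new Vector();
            boolean satisfied;
            try {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage(traceId, "Evaluating CSIv2 tag " + (i + 1) + " of " + tagCount);
                }
                satisfied = evaluate(holder, this, reasons, tagCount - i);
            } catch (CSIv2RequirementsNotSatisfied e) {
                if (SecurityLogger.debugTraceEnabled) {
                    // Use the same 1-based tag number as the "Evaluating" and "succeeded" traces.
                    SecurityLogger.debugMessage(traceId, "CSIv2 tag " + (i + 1) + " failed evaluation.");
                }
                FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy.getEffectivePolicy", "1296");
                satisfied = false;
            }
            if (!satisfied) {
                continue;
            }
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage(traceId, "CSIv2 tag " + (i + 1) + " evaluation succeeded.");
            }
            // Crude size bound: the whole cache is dropped once it holds more than 50 entries.
            if (csiv2EffectivePolicyCache.size() > 50) {
                if (SecurityLogger.debugTraceEnabled) {
                    SecurityLogger.debugMessage(traceId, "Clearing effective policy cache, size > 50");
                }
                csiv2EffectivePolicyCache.clear();
            }
            // Cache when client authentication is performed, or when a non-empty method name was given.
            // NOTE(review): the key is the array object itself; in a hash-based map an array key
            // matches by reference identity only, not by contents.
            if (this._performClientAuth || (this._method != null && !this._method.equals(""))) {
                csiv2EffectivePolicyCache.put(cSIv2TaggedComponentArr, this);
            }
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage(traceId, "Size of effective policy cache = " + csiv2EffectivePolicyCache.size());
            }
            return this;
        }
        if (reasons == null || reasons.isEmpty()) {
            throw new CSIv2RequirementsNotSatisfied(CSIv2RequirementsNotSatisfiedReason.NotSatisfiedByTarget, serverMismatch);
        }
        // Build one multi-line report; it is both logged and used as the exception message.
        final String newline = System.getProperty("line.separator");
        StringBuffer report = new StringBuffer(500);
        report.append(newline);
        report.append(newline);
        report.append(SecurityMessages.getMsgOrUseDefault("JSAS1477W", "JSAS1477W: SECURITY CLIENT/SERVER CONFIG MISMATCH:  The client security configuration (sas.client.props or outbound settings in GUI) does not support the server security configuration for the following reasons: "));
        int ordinal = 0;
        for (Enumeration pending = reasons.elements(); pending.hasMoreElements();) {
            String reason = (String) pending.nextElement();
            ordinal++;
            report.append(newline);
            report.append("     ");
            report.append(SecurityMessages.getMsgOrUseDefault(RasMessage.ERROR, "ERROR "));
            report.append(ordinal);
            report.append(": ");
            report.append(reason);
        }
        report.append(newline);
        report.append(newline);
        final String message = report.toString();
        SecurityLogger.logWarning(traceId, message);
        throw new CSIv2RequirementsNotSatisfied(CSIv2RequirementsNotSatisfiedReason.NotSatisfiedByTarget, message);
    }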

    /**
     * Checks one CSIv2 tagged component against the given policy, layer by layer.
     *
     * <p>The statefulness, attribute-layer, client-authentication-layer and transport-layer
     * checks are all attempted even after an earlier one has failed; the {@code vector} is passed
     * to each check. The result is {@code true} only when none of them threw
     * {@link CSIv2RequirementsNotSatisfied}.
     *
     * <p>The method fails closed: any other exception is recorded through FFDC and the security
     * logger, and the component is reported as not satisfied.
     *
     * @param cSIv2TaggedComponentHolder holder of the tagged component; when usable it is stored
     *     in {@code savedCSIv2Tag} of this instance
     * @param cSIv2EffectivePerformPolicy the policy whose layer checks are invoked
     * @param vector receives a message when the holder or the policy is missing, and is handed
     *     to every layer check
     * @param i value forwarded unchanged to {@code evaluateTransportLayer}
     * @return {@code true} if every layer check completed without throwing
     * @throws CSIv2RequirementsNotSatisfied declared, but every visible path catches it
     */
    private final boolean evaluate(CSIv2TaggedComponentHolder cSIv2TaggedComponentHolder, CSIv2EffectivePerformPolicy cSIv2EffectivePerformPolicy, Vector vector, int i) throws CSIv2RequirementsNotSatisfied {
        final String traceId = "CSIv2EffectivePerformPolicy.evaluate";
        try {
            // Load the security configuration on first use.
            if (secConfig == null) {
                VaultImpl.getInstance();
                secConfig = VaultImpl.getSecurityConfiguration();
            }
            if (cSIv2TaggedComponentHolder == null || cSIv2TaggedComponentHolder.value == null) {
                SecurityLogger.debugMessage(traceId, "CSIv2TagHolder is null or the value inside is null.");
                vector.addElement("CSIv2TagHolder is null or the value inside is null.");
                return false;
            }
            CSIv2TaggedComponent tag = cSIv2TaggedComponentHolder.value;
            // The holder is remembered before the policy null check, on this instance.
            this.savedCSIv2Tag = cSIv2TaggedComponentHolder;
            if (cSIv2EffectivePerformPolicy == null) {
                SecurityLogger.debugMessage(traceId, "Effective policy object is null.");
                vector.addElement("Effective policy object is null.");
                return false;
            }
            boolean unsatisfied = false;
            try {
                cSIv2EffectivePerformPolicy.evaluateStatefulness(tag.isStateFul(), vector);
            } catch (CSIv2RequirementsNotSatisfied statefulnessFailure) {
                unsatisfied = true;
            }
            try {
                cSIv2EffectivePerformPolicy.evaluateAttributeLayer(tag.getSAS_context_mech_holder(), vector);
            } catch (CSIv2RequirementsNotSatisfied attributeFailure) {
                // Only the attribute-layer failure is reported to FFDC here.
                FFDCFilter.processException(attributeFailure, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy.evaluate", "1423");
                unsatisfied = true;
            }
            try {
                cSIv2EffectivePerformPolicy.evaluateClientAuthLayer(tag.getAS_context_mech_holder(), vector);
            } catch (CSIv2RequirementsNotSatisfied clientAuthFailure) {
                unsatisfied = true;
            }
            try {
                cSIv2EffectivePerformPolicy.evaluateTransportLayer(tag, vector, i);
            } catch (CSIv2RequirementsNotSatisfied transportFailure) {
                unsatisfied = true;
            }
            return !unsatisfied;
        } catch (Exception unexpected) {
            // Fail closed: an unexpected error means this tagged component is not accepted.
            FFDCFilter.processException(unexpected, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy.evaluate", "1467");
            SecurityLogger.debugMessage(traceId, "Exception in getEffectivePolicy, probably CSIv2RequirementsNotSatisfied.");
            SecurityLogger.logException(traceId, unexpected, 0, 0);
            return false;
        }
    }

    /**
     * Returns the {@code _stateful} flag of this policy.
     *
     * @return the current value of {@code _stateful}
     */
    public boolean isStateful() {
        return _stateful;
    }

    /**
     * Sets the {@code _stateful} flag of this policy.
     *
     * @param z the new value of {@code _stateful}
     */
    public void setStateful(boolean z) {
        _stateful = z;
    }

    /**
     * Returns the stateful context id held by this policy.
     *
     * @return the current value of {@code _stateful_context_id}
     */
    public long getStatefulContextID() {
        return _stateful_context_id;
    }

    /**
     * Stores the stateful context id on this policy.
     *
     * @param j the new value of {@code _stateful_context_id}
     */
    public void setStatefulContextID(long j) {
        _stateful_context_id = j;
    }

    /**
     * Returns the client session key attached to this policy.
     *
     * @return the current value of {@code _client_session_key}; may be {@code null}
     */
    public ClientSessionKey getClientSessionKey() {
        return _client_session_key;
    }

    /**
     * Attaches a client session key to this policy. The reference is stored as given.
     *
     * @param clientSessionKey the new value of {@code _client_session_key}
     */
    public void setClientSessionKey(ClientSessionKey clientSessionKey) {
        _client_session_key = clientSessionKey;
    }

    /**
     * Returns the connection key held by this policy.
     *
     * @return the current value of {@code _connectionKey}
     */
    public String getConnectionKey() {
        return _connectionKey;
    }

    /**
     * Stores the connection key on this policy.
     *
     * @param str the new value of {@code _connectionKey}
     */
    public void setConnectionKey(String str) {
        _connectionKey = str;
    }

    /**
     * Returns the flag that marks this policy as an internal-request policy.
     *
     * <p>The flag is set by {@code getInternalRequestPolicyInstance()}, copied by
     * {@code clone()}, and also read back from serialized bytes by the byte-array constructor.
     * It is therefore only as trustworthy as the source of those bytes.
     *
     * @return the current value of {@code _isInternalRequestPolicy}
     */
    public boolean getIsInternalRequestPolicy() {
        return _isInternalRequestPolicy;
    }

    /**
     * Creates a policy whose fields keep their declared initial values.
     * Private: the static factory methods and {@code clone()} create instances through it.
     */
    private CSIv2EffectivePerformPolicy() {
        super();
    }

    /**
     * Obtains the effective policy for the given tagged components without a method name or
     * proxy object. Delegates to the three-argument overload.
     *
     * @param cSIv2TaggedComponentArr the CSIv2 tagged components to evaluate
     * @return the policy, or {@code null} when the three-argument overload reports a failure
     * @throws CSIv2RequirementsNotSatisfied declared by the overload this method delegates to
     */
    public static CSIv2EffectivePerformPolicy getInstance(CSIv2TaggedComponent[] cSIv2TaggedComponentArr) throws CSIv2RequirementsNotSatisfied {
        final String noMethod = null;
        final Object noProxy = null;
        return getInstance(cSIv2TaggedComponentArr, noMethod, noProxy);
    }

    /**
     * Returns an effective policy for the given tagged components: a clone of the cached entry
     * when one exists, otherwise a new policy evaluated through {@code getEffectivePolicy}.
     *
     * <p>Every exception, including {@link CSIv2RequirementsNotSatisfied} raised by the
     * evaluation, is logged and turned into a {@code null} return. Callers must treat
     * {@code null} as "no usable policy" and must not fall back to an unprotected request.
     *
     * <p>NOTE(review): the cache is looked up with the array object itself; if the cache is a
     * hash-based map this matches by reference identity, not by array contents.
     *
     * @param cSIv2TaggedComponentArr the CSIv2 tagged components to evaluate; also the cache key
     * @param str method name forwarded to {@code getEffectivePolicy}; may be {@code null}
     * @param obj proxy object forwarded to {@code getEffectivePolicy}; may be {@code null}
     * @return the policy, or {@code null} if anything failed
     * @throws CSIv2RequirementsNotSatisfied declared, but caught and logged by the visible body
     */
    public static CSIv2EffectivePerformPolicy getInstance(CSIv2TaggedComponent[] cSIv2TaggedComponentArr, String str, Object obj) throws CSIv2RequirementsNotSatisfied {
        final String traceId = "CSIv2EffectivePerformPolicy.getInstance";
        try {
            CSIv2EffectivePerformPolicy cached = (CSIv2EffectivePerformPolicy) csiv2EffectivePolicyCache.get(cSIv2TaggedComponentArr);
            if (cached == null) {
                // Cache miss: evaluate a brand-new policy against the tagged components.
                CSIv2EffectivePerformPolicy fresh = getInstance();
                fresh.getEffectivePolicy(cSIv2TaggedComponentArr, str, obj);
                return fresh;
            }
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage(traceId, "Returning policy from cache for CSIv2TagList: " + cSIv2TaggedComponentArr);
            }
            // Hand out a copy so the cached entry is not shared with this caller.
            return (CSIv2EffectivePerformPolicy) cached.clone();
        } catch (Exception failure) {
            FFDCFilter.processException(failure, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy.getInstance", "1727");
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage(traceId, "Exception creating effective policy.");
            }
            SecurityLogger.logException(traceId, failure, 0, 0);
            return null;
        }
    }

    /**
     * Builds the fixed policy marked as an internal-request policy.
     *
     * <p>As configured here the policy turns off SSL/TLS, SECIOP, message integrity,
     * confidentiality, replay and misordering detection, and client authentication. It turns on
     * identity assertion and sets {@code _isInternalRequestPolicy}. The target host name is the
     * literal {@code "INTERNAL_SERVER_REQUEST"} and both ports are 0.
     *
     * <p>NOTE(review): this method is public and the resulting policy asserts an identity with
     * no transport or message protection. Confirm that callers use it only for requests that
     * never leave the process.
     *
     * @return a new policy instance; nothing is cached
     */
    public static CSIv2EffectivePerformPolicy getInternalRequestPolicyInstance() {
        CSIv2EffectivePerformPolicy policy = new CSIv2EffectivePerformPolicy();

        // Marker and session state.
        policy._isInternalRequestPolicy = true;
        policy._stateful = false;
        policy._stateful_context_id = 0L;
        policy._client_session_key = null;
        policy._connectionKey = "";
        policy._mechTypeIdentity = "";

        // Target addressing.
        policy._targetHostName = "INTERNAL_SERVER_REQUEST";
        policy._targetTCPPort = 0;
        policy._targetSSLPort = 0;
        policy._targetSecurityName = "";

        // Transport and message protection settings.
        policy._performSSLTLS = false;
        policy._performSECIOP = false;
        policy._performSECIOPMechOID = "";
        policy._performTLClientAuth = true;
        policy._performTLServerAuth = false;
        policy._performMsgIntegrity = false;
        policy._performMsgConfidentiality = false;
        policy._performMsgDetectReplay = false;
        policy._performMsgDetectMisordering = false;

        // Client authentication settings.
        policy._performClientAuth = false;
        policy._claimClientAuthRequired = false;
        policy._performClientAuthMechOID = GSSUPMechOID.value;

        // Attribute layer settings.
        policy._performIDAssertion = true;
        policy._performIDANamingMechList = new String[]{GSSUPMechOID.value};
        // presumably a bit mask of identity token types; confirm against the CSI constants
        policy._performIdentityTokenType = 15;
        policy._performAuthorizationToken = false;
        policy._performServiceCfgList = "";
        policy._performDelegationByClient = false;

        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("getInternalRequestPolicyInstance", "Returning local policy created for internal: " + policy);
        }
        return policy;
    }

    /**
     * Creates a new, unevaluated policy whose fields keep their declared initial values.
     *
     * @return a new policy instance; the cache is not consulted
     */
    public static CSIv2EffectivePerformPolicy getInstance() {
        CSIv2EffectivePerformPolicy blank = new CSIv2EffectivePerformPolicy();
        return blank;
    }

    /**
     * Returns the tagged-component holder remembered by the last call to {@code evaluate}.
     *
     * @return the current value of {@code savedCSIv2Tag}; the reference is returned uncopied
     */
    public CSIv2TaggedComponentHolder getCSIv2TaggedComponent() {
        return savedCSIv2Tag;
    }

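    /**
     * Creates a copy of this policy for hand-out from the effective-policy cache.
     *
     * <p>The copy is built with the private constructor rather than {@code super.clone()}.
     * Per-session state is deliberately not carried over: {@code _client_session_key} is reset
     * to {@code null} and {@code _stateful_context_id} to 0. {@code _method} and {@code _proxy}
     * are not copied either. All other policy fields are copied by value or by reference.
     *
     * <p>The copy is shallow: {@code _performIDANamingMechList} and {@code savedCSIv2Tag} refer
     * to the same objects as the original, so a change made through one is visible to the other.
     *
     * <p>The original body also assigned {@code _orb}, {@code csiv2EffectivePolicyCache} and
     * {@code secConfig} to themselves. Those statements had no effect and are removed.
     *
     * @return a new {@code CSIv2EffectivePerformPolicy} carrying this policy's settings
     */
    protected Object clone() {
        CSIv2EffectivePerformPolicy copy = new CSIv2EffectivePerformPolicy();

        // Session state is never inherited from the source policy.
        copy._client_session_key = null;
        copy._stateful_context_id = 0L;

        copy._connectionKey = this._connectionKey;
        copy._claimClientAuthRequired = this._claimClientAuthRequired;
        copy._mechTypeIdentity = this._mechTypeIdentity;
        copy._performAuthorizationToken = this._performAuthorizationToken;
        copy._performClientAuth = this._performClientAuth;
        copy._performClientAuthMechOID = this._performClientAuthMechOID;
        copy._performDelegationByClient = this._performDelegationByClient;
        // Shared array reference, not a copy of the array.
        copy._performIDANamingMechList = this._performIDANamingMechList;
        copy._performIDAssertion = this._performIDAssertion;
        copy._performIdentityTokenType = this._performIdentityTokenType;
        copy._performMsgConfidentiality = this._performMsgConfidentiality;
        copy._performMsgDetectMisordering = this._performMsgDetectMisordering;
        copy._performMsgDetectReplay = this._performMsgDetectReplay;
        copy._performMsgIntegrity = this._performMsgIntegrity;
        copy._performSECIOP = this._performSECIOP;
        copy._performSECIOPMechOID = this._performSECIOPMechOID;
        copy._performServiceCfgList = this._performServiceCfgList;
        copy._performSSLTLS = this._performSSLTLS;
        copy._performTLClientAuth = this._performTLClientAuth;
        copy._performTLServerAuth = this._performTLServerAuth;
        copy._protocol = this._protocol;
        copy._stateful = this._stateful;
        copy._targetHostName = this._targetHostName;
        copy._targetSecurityName = this._targetSecurityName;
        copy._targetSSLPort = this._targetSSLPort;
        copy._targetTCPPort = this._targetTCPPort;
        copy.savedCSIv2Tag = this.savedCSIv2Tag;
        copy._isInternalRequestPolicy = this._isInternalRequestPolicy;
        return copy;
    }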

    /**
     * Rebuilds a policy from the byte form produced by {@link #getBytes()}.
     *
     * <p>Every security setting of the new policy, including the internal-request marker, is
     * taken from {@code bArr}. NOTE(review): the visible code performs no integrity or origin
     * check on the bytes, so confirm that callers only pass data from a trusted source.
     *
     * @param bArr serialized policy fields
     * @throws Exception if the bytes cannot be read by {@code deserializeVariables}
     */
    public CSIv2EffectivePerformPolicy(byte[] bArr) throws Exception {
        super();
        this.deserializeVariables(bArr);
    }

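    /**
     * Serializes the policy fields into the byte layout read by {@code deserializeVariables}:
     * fourteen booleans, one long, three ints, seven length-prefixed strings, a counted list of
     * length-prefixed strings, and a final boolean.
     *
     * <p>Fix over the previous version: each string's length prefix is now the number of
     * encoded bytes. Before, the character count was written and only that many bytes followed,
     * which truncated any string whose encoding uses more than one byte per character. Output
     * for single-byte text is unchanged.
     *
     * <p>{@code _client_session_key}, {@code _method}, {@code _proxy}, {@code _protocol} and
     * {@code savedCSIv2Tag} are not part of the serialized form.
     *
     * @return the serialized policy
     * @throws Exception if writing fails; the failure is reported to FFDC and the security log
     *     before being rethrown
     */
    public byte[] getBytes() throws Exception {
        final String traceId = "CSIv2EffectivePerformPolicy.getBytes";
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry(traceId);
        }
        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage(traceId, "Session contents prior to serialization: " + toString());
        }
        ByteArrayOutputStream buffer = new ByteArrayOutputStream(300);
        DataOutputStream out = new DataOutputStream(buffer);
        try {
            // The field order is the wire format; it must match deserializeVariables exactly.
            out.writeBoolean(this._stateful);
            out.writeBoolean(this._performTLClientAuth);
            out.writeBoolean(this._performTLServerAuth);
            out.writeBoolean(this._performMsgDetectReplay);
            out.writeBoolean(this._performMsgDetectMisordering);
            out.writeBoolean(this._performMsgIntegrity);
            out.writeBoolean(this._performMsgConfidentiality);
            out.writeBoolean(this._performSSLTLS);
            out.writeBoolean(this._performSECIOP);
            out.writeBoolean(this._performClientAuth);
            out.writeBoolean(this._claimClientAuthRequired);
            out.writeBoolean(this._performIDAssertion);
            out.writeBoolean(this._performAuthorizationToken);
            out.writeBoolean(this._performDelegationByClient);
            out.writeLong(this._stateful_context_id);
            out.writeInt(this._targetTCPPort);
            out.writeInt(this._targetSSLPort);
            out.writeInt(this._performIdentityTokenType);
            writeLengthPrefixedString(out, this._connectionKey);
            writeLengthPrefixedString(out, this._mechTypeIdentity);
            writeLengthPrefixedString(out, this._performSECIOPMechOID);
            writeLengthPrefixedString(out, this._targetHostName);
            writeLengthPrefixedString(out, this._performClientAuthMechOID);
            writeLengthPrefixedString(out, this._targetSecurityName);
            writeLengthPrefixedString(out, this._performServiceCfgList);
            if (this._performIDANamingMechList != null) {
                out.writeInt(this._performIDANamingMechList.length);
                for (int i = 0; i < this._performIDANamingMechList.length; i++) {
                    writeLengthPrefixedString(out, this._performIDANamingMechList[i]);
                }
            } else {
                out.writeInt(0);
            }
            out.writeBoolean(this._isInternalRequestPolicy);
            out.flush();
            byte[] serialized = buffer.toByteArray();
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit(traceId);
            }
            return serialized;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.CSIv2EffectivePerformPolicy.getBytes", "2006", this);
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage(traceId, "Exception serializing native variables.");
            }
            SecurityLogger.logException(traceId, e, 0, 0);
            throw e;
        } finally {
            // Closing the data stream also closes the in-memory buffer beneath it.
            out.close();
        }
    }

    /**
     * Writes one string as a 4-byte length followed by that many encoded bytes; a null or empty
     * string is written as length 0 with no bytes.
     */
    private static void writeLengthPrefixedString(DataOutputStream out, String value) throws java.io.IOException {
        if (value == null || value.length() <= 0) {
            out.writeInt(0);
            return;
        }
        // Platform default charset, kept to match the new String(byte[]) used by the reader.
        byte[] encoded = value.getBytes();
        out.writeInt(encoded.length);
        out.write(encoded, 0, encoded.length);
    }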

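    /**
     * Populates this policy from the byte layout written by {@code getBytes()}.
     *
     * <p>Fixes over the previous version: every length read from the input is checked against
     * the bytes actually remaining before a buffer of that size is allocated, so a corrupt or
     * hostile length field can no longer force a very large allocation. Strings are read with
     * {@code readFully}, so a truncated string is reported as an error instead of being padded
     * with zero bytes.
     *
     * <p>A length of zero or less leaves the corresponding field at its existing value, as
     * before. Fields are assigned as they are read, so a failure part-way leaves this object
     * partially populated. The only visible caller is the byte-array constructor, which
     * propagates the exception.
     *
     * <p>The trace and FFDC identifiers below name {@code ExtendedSSLConnectionData}. They are
     * kept unchanged in case log tooling matches on them.
     *
     * @param bArr serialized policy fields
     * @throws Exception if the data is truncated or malformed; the failure is reported to FFDC
     *     and the security log before being rethrown
     */
    private void deserializeVariables(byte[] bArr) throws Exception {
        final String traceId = "ExtendedSSLConnectionData.deserializeVariables";
        if (SecurityLogger.debugEntryEnabled) {
            SecurityLogger.debugEntry(traceId);
        }
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(bArr));
        try {
            // The field order is the wire format; it must match getBytes exactly.
            this._stateful = in.readBoolean();
            this._performTLClientAuth = in.readBoolean();
            this._performTLServerAuth = in.readBoolean();
            this._performMsgDetectReplay = in.readBoolean();
            this._performMsgDetectMisordering = in.readBoolean();
            this._performMsgIntegrity = in.readBoolean();
            this._performMsgConfidentiality = in.readBoolean();
            this._performSSLTLS = in.readBoolean();
            this._performSECIOP = in.readBoolean();
            this._performClientAuth = in.readBoolean();
            this._claimClientAuthRequired = in.readBoolean();
            this._performIDAssertion = in.readBoolean();
            this._performAuthorizationToken = in.readBoolean();
            this._performDelegationByClient = in.readBoolean();
            this._stateful_context_id = in.readLong();
            this._targetTCPPort = in.readInt();
            this._targetSSLPort = in.readInt();
            this._performIdentityTokenType = in.readInt();

            String text = readLengthPrefixedString(in);
            if (text != null) {
                this._connectionKey = text;
            }
            text = readLengthPrefixedString(in);
            if (text != null) {
                this._mechTypeIdentity = text;
            }
            text = readLengthPrefixedString(in);
            if (text != null) {
                this._performSECIOPMechOID = text;
            }
            text = readLengthPrefixedString(in);
            if (text != null) {
                this._targetHostName = text;
            }
            text = readLengthPrefixedString(in);
            if (text != null) {
                this._performClientAuthMechOID = text;
            }
            text = readLengthPrefixedString(in);
            if (text != null) {
                this._targetSecurityName = text;
            }
            text = readLengthPrefixedString(in);
            if (text != null) {
                this._performServiceCfgList = text;
            }

            // The element count comes from the input; each iteration consumes at least four
            // bytes, so the loop ends with an EOFException once the data runs out.
            int mechCount = in.readInt();
            ArrayList mechNames = new ArrayList();
            for (int i = 0; i < mechCount; i++) {
                String mechName = readLengthPrefixedString(in);
                if (mechName != null) {
                    mechNames.add(mechName);
                }
            }
            if (mechNames.size() > 0) {
                this._performIDANamingMechList = (String[]) mechNames.toArray(new String[0]);
            }
            this._isInternalRequestPolicy = in.readBoolean();

            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage(traceId, "Session after deserialization: " + toString());
            }
            if (SecurityLogger.debugEntryEnabled) {
                SecurityLogger.debugExit(traceId);
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.orbssl.ExtendedSSLConnectionData.deserializeVariables", "2153", this);
            if (SecurityLogger.debugTraceEnabled) {
                SecurityLogger.debugMessage(traceId, "Exception de-serializing native variables.");
            }
            SecurityLogger.logException(traceId, e, 0, 0);
            throw e;
        } finally {
            // Closing the data stream also closes the in-memory stream beneath it.
            in.close();
        }
    }

    /**
     * Reads a 4-byte length followed by that many bytes and decodes them with the platform
     * default charset. Returns {@code null} when the length is zero or negative.
     *
     * <p>The length is compared with {@code available()} before allocating. This is exact here
     * because the stream wraps an in-memory byte array.
     */
    private static String readLengthPrefixedString(DataInputStream in) throws java.io.IOException {
        int length = in.readInt();
        if (length <= 0) {
            return null;
        }
        int remaining = in.available();
        if (length > remaining) {
            throw new java.io.EOFException("Declared string length " + length + " exceeds the " + remaining + " bytes remaining.");
        }
        byte[] raw = new byte[length];
        in.readFully(raw);
        return new String(raw);
    }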

    /**
     * Renders the effective perform-policy fields as a multi-line diagnostic dump.
     *
     * <p>Each field is emitted as {@code "\n<label>: <value>"}; the naming-mechanism list is
     * reported by length only ({@code "0"} when the array is {@code null}).
     *
     * <p>The dump includes the target host name, the TCP and SSL ports, the target security
     * name and the connection key, so any trace or log that stores this string also records
     * those topology and identity details.
     * NOTE(review): the callers are not visible here; confirm where this output is written
     * and that those sinks are access-controlled.
     *
     * @return the field dump, starting with a newline
     */
    public String toString() {
        // Only the array length is printed, never its contents.
        String namingMechCount = "0";
        if (this._performIDANamingMechList != null) {
            namingMechCount = Integer.toString(this._performIDANamingMechList.length);
        }

        StringBuffer dump = new StringBuffer();

        // Transport- and message-level protection flags.
        dump.append("\n_stateful: ").append(this._stateful);
        dump.append("\n_performTLClientAuth: ").append(this._performTLClientAuth);
        dump.append("\n_performTLServerAuth: ").append(this._performTLServerAuth);
        dump.append("\n_performMsgDetectReplay: ").append(this._performMsgDetectReplay);
        dump.append("\n_performMsgDetectMisordering: ").append(this._performMsgDetectMisordering);
        dump.append("\n_performMsgIntegrity: ").append(this._performMsgIntegrity);
        dump.append("\n_performMsgConfidentiality: ").append(this._performMsgConfidentiality);
        dump.append("\n_performSSLTLS: ").append(this._performSSLTLS);
        dump.append("\n_performSECIOP: ").append(this._performSECIOP);

        // Authentication, identity assertion and delegation settings.
        dump.append("\n_performClientAuth: ").append(this._performClientAuth);
        dump.append("\n_claimClientAuthRequired: ").append(this._claimClientAuthRequired);
        dump.append("\n_performIDAssertion: ").append(this._performIDAssertion);
        dump.append("\n_performAuthorizationToken: ").append(this._performAuthorizationToken);
        dump.append("\n_performDelegationByClient: ").append(this._performDelegationByClient);

        // Session and target endpoint details.
        dump.append("\n_stateful_context_id: ").append(this._stateful_context_id);
        dump.append("\n_targetTCPPort: ").append(this._targetTCPPort);
        dump.append("\n_targetSSLPort: ").append(this._targetSSLPort);
        dump.append("\n_performIdentityTokenType: ").append(this._performIdentityTokenType);
        dump.append("\n_mechTypeIdentity: ").append(this._mechTypeIdentity);
        dump.append("\n_performSECIOPMechOID: ").append(this._performSECIOPMechOID);
        dump.append("\n_targetHostName: ").append(this._targetHostName);
        dump.append("\n_performClientAuthMechOID: ").append(this._performClientAuthMechOID);
        dump.append("\n_targetSecurityName: ").append(this._targetSecurityName);
        dump.append("\n_performServiceCfgList: ").append(this._performServiceCfgList);
        dump.append("\n_performIDANamingMechList length: ").append(namingMechCount);

        // The label differs from the field name (_isInternalRequestPolicy); kept as emitted.
        dump.append("\n_internalRequestPolicy: ").append(this._isInternalRequestPolicy);
        dump.append("\n_connectionKey: ").append(this._connectionKey);
        return dump.toString();
    }

    /**
     * Tells whether a call is one of the location-service registration operations that, as
     * the method name indicates, must be authenticated regardless of the configured policy.
     *
     * <p>The result is {@code true} only when the runtime class name of {@code obj} is exactly
     * one of three hard-coded stub/implementation class names and {@code str} is exactly one
     * of four hard-coded operation names. A subclass or any proxy with a different class name
     * does not match.
     *
     * @param str operation (method) name being invoked; {@code null} yields {@code false}
     * @param obj proxy or target object of the call; {@code null} yields {@code false}
     * @return {@code true} if both the class name and the operation name match
     */
    private boolean methodRequiresAuthenticationRegardlessOfPolicy(String str, Object obj) {
        if (SecurityLogger.debugTraceEnabled) {
            String tracedClass = (obj == null) ? "null" : obj.getClass().getName();
            SecurityLogger.debugMessage("CSIv2EffectivePerformPolicy.methodRequiresAuthenticationRegardlessOfPolicy", "Method: " + str + ", interfaceName: " + tracedClass);
        }

        // Without both a target and an operation name there is nothing to match against.
        if (obj == null || str == null) {
            return false;
        }

        String name = obj.getClass().getName();
        boolean locationServiceTarget = name.equals("com.ibm.ws.orb.services.lsd._LocationServiceStub")
                || name.equals("com.ibm.ws.orbimpl.services.lsd.LocationServiceImpl")
                || name.equals("com.ibm.org.omg.CORBA._ObjectStub");

        // NOTE(review): "usregister_object_adapters" looks like a misspelling of
        // "unregister_object_adapters". If the real operation uses the latter name, it is
        // not covered by this check and falls back to the normal policy decision. Confirm
        // against the LocationService interface definition before changing the literal.
        boolean registrationOperation = str.equals("register_server")
                || str.equals("unregister_server")
                || str.equals("register_object_adapters")
                || str.equals("usregister_object_adapters");

        boolean forced = locationServiceTarget && registrationOperation;

        if (SecurityLogger.debugTraceEnabled) {
            SecurityLogger.debugMessage("CSIv2EffectivePerformPolicy.methodRequiresAuthenticationRegardlessOfPolicy", "methodRequiresAuthenticationRegardlessOfPolicy: returned " + forced + ".");
        }
        return forced;
    }
}
