package com.ibm.ws.security.localOSORB;

import com.ibm.ISecurityUtilityImpl.CSIUtil;
import com.ibm.ISecurityUtilityImpl.SecurityMinorCodes;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.AuthCache;
import com.ibm.ws.security.auth.PlatformCredential;
import com.ibm.ws.security.auth.SecurityCache;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.auth.WSCredentialImpl;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import com.ibm.ws.security.core.SecurityConfig;
import com.ibm.ws.security.core.UserMappingImpl;
import com.ibm.ws.security.ltpa.AuthzPropToken;
import com.ibm.ws.security.token.PropagationTokenImpl;
import com.ibm.ws.security.token.WSCredentialTokenMapper;
import com.ibm.ws.security.token.WSCredentialTokenMapperInterface;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.util.PlatformHelperFactory;
import com.ibm.wsspi.security.csiv2.CSIv2PerformPolicy;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.security.token.TokenHolder;
import com.ibm.wsspi.security.token.WSOpaqueTokenHelper;
import com.ibm.wsspi.security.token.WSSecurityPropagationHelper;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.ObjectOutputStream;
import java.nio.ByteBuffer;
import java.rmi.RemoteException;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.NO_PERMISSION;

/* loaded from: input_file:com.ibm.ws.admin.client_6.1.0.jar:com/ibm/ws/security/localOSORB/SecurityORBImpl.class */
public final class SecurityORBImpl implements SecurityORBInterface {
    private static final TraceComponent tc;
    private static final int IDTypeServer = 2;
    private static final int IDTypeClNative = 4;
    private static final int IDTypeClUnauthenticated = 8;
    private static final int IDTypeDefault = 14;
    private static SecurityORBImpl soi;
    private ContextManager contextManager;
    private SecurityCache cache = null;
    private WSCredentialTokenMapperInterface wsCredTokenMapper = null;
    private boolean defaultControllerOutboundIsServer = false;
    private Boolean isSAFRegistry = null;
    private Boolean securityDisabled = null;
    public static final int UID_PW_LOGIN_FAILED_MINOR = -910016206;
    public static final int LTPA_LOGIN_FAILED_MINOR = -910016205;
    public static final int UNABLE_TO_ASSERT_ID_MINOR = -910016204;
    static Class class$com$ibm$ws$security$localOSORB$SecurityORBImpl;

    public static final SecurityORBImpl getSecurityORB() {
        return soi;
    }

    private SecurityORBImpl() {
        this.contextManager = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>");
        }
        this.contextManager = ContextManagerFactory.getInstance();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "<init>", this);
        }
    }

    private SecurityCache getCache() {
        if (this.cache != null) {
            return this.cache;
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCache");
        }
        synchronized (soi) {
            this.cache = AuthCache.getInstance();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCache", this.cache);
        }
        return this.cache;
    }

    @Override // com.ibm.ws.security.localOSORB.SecurityORBInterface
    public void initialize(String str, int i, String str2, int i2, int i3) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize", new Object[]{str, new Integer(i), str2, new Integer(i2), new Integer(i3)});
        }
        if (!PlatformHelperFactory.getPlatformHelper().isClientJvm()) {
        }
        this.defaultControllerOutboundIsServer = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize");
        }
    }

    private boolean isSAFRegistry() {
        if (this.isSAFRegistry != null) {
            return this.isSAFRegistry.booleanValue();
        }
        synchronized (this) {
            if (!PlatformHelperFactory.getPlatformHelper().isClientJvm()) {
                this.isSAFRegistry = new Boolean(this.contextManager.getProperty("security.use.localos.userregistry"));
            }
        }
        return this.isSAFRegistry.booleanValue();
    }

    private boolean isSecurityDisabled() {
        if (this.securityDisabled != null) {
            return this.securityDisabled.booleanValue();
        }
        this.securityDisabled = new Boolean(!this.contextManager.isServerSecurityEnabled());
        return this.securityDisabled.booleanValue();
    }

    @Override // com.ibm.ws.security.localOSORB.SecurityORBInterface
    public void connectReceivedCredentials(int i, byte[] bArr, int i2, byte[] bArr2, byte[] bArr3, boolean z, byte[] bArr4, int i3, String str, int i4, String str2, String str3, long j, byte[] bArr5, String str4) throws RemoteException {
        if (tc.isEntryEnabled()) {
            TraceComponent traceComponent = tc;
            Object[] objArr = new Object[15];
            objArr[0] = new Integer(i);
            objArr[1] = bArr;
            objArr[2] = new Integer(i2);
            objArr[3] = bArr2;
            objArr[4] = bArr3;
            objArr[5] = new Boolean(z);
            objArr[6] = bArr4;
            objArr[7] = new Integer(i3);
            objArr[8] = str;
            objArr[9] = new Integer(i4);
            objArr[10] = str2;
            objArr[11] = str3;
            objArr[12] = new Long(j);
            objArr[13] = bArr5;
            objArr[14] = str4 == null ? "null" : "****";
            Tr.entry(traceComponent, "connectReceivedCredential", objArr);
        }
        SecurityConfig config = SecurityConfig.getConfig();
        String str5 = (String) config.getValue("com.ibm.ws.security.defaultLoginConfig");
        Subject subject = null;
        if (i3 == 2) {
            try {
                subject = this.contextManager.getServerSubject();
            } catch (Exception e) {
                throw new RemoteException(new StringBuffer().append("getServerSubject failure: ").append(e.getMessage()).toString(), e);
            }
        } else if (i3 == 8 || i3 == 14) {
            try {
                subject = this.contextManager.createUnauthenticatedSubject();
            } catch (Exception e2) {
                throw new RemoteException(new StringBuffer().append("getUnauthenticatedCredential failure: ").append(e2.getMessage()).toString(), e2);
            }
        } else if (null != str4) {
            try {
                subject = this.contextManager.login(str2, str, str4, config.getRMIInboundLoginConfig(), (HttpServletRequest) null, (HttpServletResponse) null, (Map) null);
            } catch (Exception e3) {
                throwNoPermission(e3, UID_PW_LOGIN_FAILED_MINOR);
            }
        } else if (i > 0) {
            try {
                subject = doCSIv2Token(i, bArr, str2, bArr4, bArr3);
            } catch (Exception e4) {
                throwNoPermission(e4, LTPA_LOGIN_FAILED_MINOR);
            }
        } else if (i2 == 0) {
            String defaultRealm = str2 != null ? str2 : this.contextManager.getDefaultRealm();
            if (PlatformHelperFactory.getPlatformHelper().isControlJvm()) {
                try {
                    subject = this.contextManager.login(defaultRealm, str, str5, (HttpServletRequest) null, (HttpServletResponse) null, (Map) null);
                } catch (Exception e5) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Login failed", e5);
                    }
                    if (i3 != 14 && i3 != 4) {
                        throw new RemoteException("Authentication failed", e5);
                    }
                    try {
                        subject = this.contextManager.createUnauthenticatedSubject();
                    } catch (Exception e6) {
                        throw new RemoteException(new StringBuffer().append("getUnauthenticatedCredential failure: ").append(e6.getMessage()).toString(), e6);
                    }
                }
            } else {
                if (isSAFRegistry()) {
                }
                try {
                    subject = this.contextManager.login(defaultRealm, str, config.getRMIInboundLoginConfig(), (HttpServletRequest) null, (HttpServletResponse) null, (Map) null);
                } catch (Exception e7) {
                    throw new RemoteException("Authentication failed", e7);
                }
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("idType is ").append(i2).toString());
        }
        if (i2 > 0) {
            if (i3 == 8 || i3 == 14 || this.contextManager.getUnauthenticatedString().equals(new String(bArr2))) {
                try {
                    subject = this.contextManager.createUnauthenticatedSubject();
                } catch (Exception e8) {
                    throw new RemoteException("Could not acquire unauthenticated credential", e8);
                }
            } else {
                if (i > 0) {
                    checkID(subject);
                    try {
                        this.contextManager.clearCallerContext();
                    } catch (Exception e9) {
                        Tr.event(tc, "Unexpected exception from clearCallerContext", e9);
                    }
                }
                try {
                    subject = doCSIv2Token(i2, bArr2, str2, bArr4, bArr3);
                } catch (Exception e10) {
                    throwNoPermission(e10, UNABLE_TO_ASSERT_ID_MINOR);
                }
            }
        }
        try {
            this.contextManager.initializeCallerContext(subject);
        } catch (WSSecurityException e11) {
            Tr.event(tc, "security.ORB.WSSecurityException", e11);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "connectReceivedCredential");
        }
    }

    @Override // com.ibm.ws.security.localOSORB.SecurityORBInterface
    public void disconnectReceivedCredentials() {
        WSCredentialImpl wSCredentialImpl;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "disconnectReceivedCredentials");
        }
        try {
            if (PlatformHelperFactory.getPlatformHelper().isClientJvm() || (wSCredentialImpl = (WSCredentialImpl) SubjectHelper.getWSCredentialFromSubject(this.contextManager.getCallerSubject())) == null || wSCredentialImpl.getCredentialToken() != null) {
            }
            this.contextManager.clearCallerContext();
        } catch (Exception e) {
            Tr.event(tc, "caught callerCred exception", e);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "disconnectReceivedCredential");
        }
    }

    private int getNscTokenFromSubject(Subject subject) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getNscTokenFromSubject", subject);
        }
        PlatformCredential platformCredential = null;
        try {
            platformCredential = (PlatformCredential) AccessController.doPrivileged(new PrivilegedExceptionAction(this, subject) { // from class: com.ibm.ws.security.localOSORB.SecurityORBImpl.1
                private final Subject val$subject;
                private final SecurityORBImpl this$0;

                {
                    this.this$0 = this;
                    this.val$subject = subject;
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(this.val$subject);
                    if (wSCredentialFromSubject != null) {
                        return wSCredentialFromSubject.get("com.ibm.ws.security.zos.PlatformCredential");
                    }
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            FFDCFilter.processException(exception, "com.ibm.ws.security.SecurityORBImpl.getNscTokenFromSubject", "695", this);
            if (exception instanceof CredentialDestroyedException) {
                Tr.event(tc, "security.cred.CredentialDestroyedException", exception);
            } else if (exception instanceof CredentialExpiredException) {
                Tr.event(tc, "security.cred.CredentialExpiredException", exception);
            } else {
                Tr.event(tc, "security.ORB.WSSecurityException", new WSSecurityException(exception));
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Platform credential", platformCredential);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getNscTokenFromSubject", new Integer(0));
        }
        return 0;
    }

    private X509Certificate[] convertCertificate(byte[] bArr) throws RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "convertCertificate", bArr);
        }
        try {
            X509Certificate[] x509CertificateArr = (X509Certificate[]) CertificateFactory.getInstance("X.509").generateCertificates(new DataInputStream(new ByteArrayInputStream(bArr))).toArray(new X509Certificate[0]);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "convertCertificate", x509CertificateArr);
            }
            return x509CertificateArr;
        } catch (Exception e) {
            throw new RemoteException("Certificate conversion failed", e);
        }
    }

    private Subject doCSIv2Token(int i, byte[] bArr, String str, byte[] bArr2, byte[] bArr3) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doCSIv2Token", new Object[]{new Integer(i), bArr, str, bArr2, bArr3});
        }
        Subject subject = null;
        try {
            if (WSSecurityPropagationHelper.getInstance().isRMIInboundPropagationEnabled() && bArr2 != null) {
                subject = getCache().getSubject(bArr2);
                if (subject != null && !getWSCredTokenMapper().checkValidityOfAllTokens(subject)) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "removing expired credential from cache", subject);
                    }
                    WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject);
                    getCache().removeEntry(wSCredentialFromSubject.getRealmName(), wSCredentialFromSubject.getSecurityName());
                    subject = null;
                }
            }
            if ((WSSecurityPropagationHelper.getInstance().isRMIOutboundPropagationEnabled() || WSSecurityPropagationHelper.getInstance().isRMIInboundPropagationEnabled()) && bArr3 != null && subject != null) {
                ArrayList createTokenHolderListFromOpaqueToken = WSOpaqueTokenHelper.getInstance().createTokenHolderListFromOpaqueToken(bArr3);
                for (int i2 = 0; i2 < createTokenHolderListFromOpaqueToken.size(); i2++) {
                    TokenHolder tokenHolder = (TokenHolder) createTokenHolderListFromOpaqueToken.get(i2);
                    if (tokenHolder.getName().equals(AttributeNameConstants.WSPROPTOKEN_NAME)) {
                        PropagationTokenImpl propagationTokenImpl = new PropagationTokenImpl();
                        propagationTokenImpl.initializeToken(new AuthzPropToken(tokenHolder.getBytes(), null, null, null));
                        AccessController.doPrivileged(new PrivilegedExceptionAction(this, propagationTokenImpl) { // from class: com.ibm.ws.security.localOSORB.SecurityORBImpl.2
                            private final PropagationTokenImpl val$propagationToken;
                            private final SecurityORBImpl this$0;

                            {
                                this.this$0 = this;
                                this.val$propagationToken = propagationTokenImpl;
                            }

                            @Override // java.security.PrivilegedExceptionAction
                            public Object run() throws Exception {
                                this.this$0.contextManager.setPropagationToken(new StringBuffer().append(this.val$propagationToken.getName()).append(":").append((int) this.val$propagationToken.getVersion()).toString(), this.val$propagationToken);
                                return null;
                            }
                        });
                    }
                }
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.localOSORB.SecurityORBImpl.doCSIv2Token", "834", this);
            if (tc.isEventEnabled()) {
                Tr.event(tc, "Cached login failed, logging in", e);
            }
            subject = null;
        }
        if (subject == null) {
            if ((WSSecurityPropagationHelper.getInstance().isRMIOutboundPropagationEnabled() || WSSecurityPropagationHelper.getInstance().isRMIInboundPropagationEnabled()) && bArr3 != null) {
                WSOpaqueTokenHelper wSOpaqueTokenHelper = WSOpaqueTokenHelper.getInstance();
                this.contextManager.put(wSOpaqueTokenHelper.getOpaqueTokenLookup(), wSOpaqueTokenHelper.createTokenHolderListFromOpaqueToken(bArr3));
            }
            subject = doCSIv2Login(i, bArr, str, bArr2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "doCSIv2Token", subject);
        }
        return subject;
    }

    private Subject doCSIv2Login(int i, byte[] bArr, String str, byte[] bArr2) throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "doCSIv2Login", new Object[]{new Integer(i), bArr, str, bArr2});
        }
        Subject subject = null;
        try {
            try {
                try {
                    this.contextManager.put(SecurityConfig.CACHEKEYATTRIBUTE, bArr2);
                    String rMIInboundLoginConfig = SecurityConfig.getConfig().getRMIInboundLoginConfig();
                    switch (i) {
                        case 1:
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "token login", bArr);
                            }
                            subject = this.contextManager.login(str, bArr, rMIInboundLoginConfig, (HttpServletRequest) null, (HttpServletResponse) null, (Map) null);
                            break;
                        case 2:
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "Certificate login", bArr);
                            }
                            X509Certificate[] convertCertificate = convertCertificate(bArr);
                            subject = this.contextManager.login(str, new UserMappingImpl().mapCertificateToName(convertCertificate), rMIInboundLoginConfig, (HttpServletRequest) null, (HttpServletResponse) null, (Map) null);
                            SubjectHelper.getWSCredentialFromSubject(subject);
                            break;
                        case 3:
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "uid login", bArr);
                            }
                            subject = this.contextManager.login(str, new String(bArr));
                            break;
                        case 4:
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "DN login", bArr);
                            }
                            subject = this.contextManager.login(str, CSIUtil.getInstance().parseDN(new X500Principal(bArr).getName()));
                            break;
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "doCSIv2Login", subject);
                    }
                    return subject;
                } catch (Throwable th) {
                    throw new WSSecurityException(th.getMessage(), th);
                }
            } catch (WSSecurityException e) {
                throw e;
            }
        } finally {
            this.contextManager.put(SecurityConfig.CACHEKEYATTRIBUTE, null);
        }
    }

    private WSCredentialTokenMapperInterface getWSCredTokenMapper() throws WSSecurityException {
        if (this.wsCredTokenMapper != null) {
            return this.wsCredTokenMapper;
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getWSCredTokenMapper");
        }
        if (this.wsCredTokenMapper == null) {
            this.wsCredTokenMapper = WSCredentialTokenMapper.getInstance();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getWSCredTokenMapper", this.wsCredTokenMapper);
        }
        return this.wsCredTokenMapper;
    }

    @Override // com.ibm.ws.security.localOSORB.SecurityORBInterface
    public int rmiOutboundLogin(byte[] bArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "rmiOutboundLogin", bArr);
        }
        SecurityConfig config = SecurityConfig.getConfig();
        int i = 8;
        try {
            Subject outboundSubject = getOutboundSubject();
            if (config.isRMIOutboundLoginEnabled() || config.isRMIOutboundPropagationEnabled()) {
                Subject login = this.contextManager.login(config.getRMIOutboundLoginConfig(), new CSIv2PerformPolicy(new NativeCSIv2PerformPolicyData(ByteBuffer.wrap(bArr))), (Subject) AccessController.doPrivileged(new PrivilegedAction(this, outboundSubject) { // from class: com.ibm.ws.security.localOSORB.SecurityORBImpl.3
                    private final Subject val$subjectPriv;
                    private final SecurityORBImpl this$0;

                    {
                        this.this$0 = this;
                        this.val$subjectPriv = outboundSubject;
                    }

                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        return SubjectHelper.createNewSubjectFromExisting(this.val$subjectPriv);
                    }
                }));
                this.contextManager.setInvocationSubject(outboundSubject);
                WSCredentialImpl wSCredentialImpl = (WSCredentialImpl) SubjectHelper.getWSCredentialFromSubject(login);
                WSOpaqueTokenHelper.getInstance().createOpaqueTokenFromSubject(login);
                String clientUniqueIDForOutboundRequests = this.contextManager.getClientUniqueIDForOutboundRequests(outboundSubject);
                byte[] bytes = clientUniqueIDForOutboundRequests != null ? clientUniqueIDForOutboundRequests.getBytes() : null;
                if (wSCredentialImpl.getCredentialToken() != null) {
                }
            }
            i = 0;
        } catch (Exception e) {
            Tr.event(tc, "exception occurred in rmiOutboundLogin", e);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "rmiOutboundLogin", new Integer(i));
        }
        return i;
    }

    void checkID(Subject subject) throws RemoteException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "checkID", subject);
        }
        try {
            if (!CSIUtil.getInstance().isTrusted(SubjectHelper.getWSCredentialFromSubject(subject).getSecurityName())) {
                throw new RemoteException("Asserting identity is not trusted.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "checkID");
            }
        } catch (Exception e) {
            throw new RemoteException("Unable to determine asserting subject's name");
        }
    }

    @Override // com.ibm.ws.security.localOSORB.SecurityORBInterface
    public int getCurrentCredentials() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCurrentCredentials");
        }
        int i = 0;
        try {
            Subject outboundSubject = getOutboundSubject();
            WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(outboundSubject);
            if (((WSCredentialImpl) wSCredentialFromSubject).isServerCred() && wSCredentialFromSubject.getExpiration() != 0 && wSCredentialFromSubject.getExpiration() != -1 && !getWSCredTokenMapper().checkCushionValidityOfAllTokens(outboundSubject, this.contextManager.getReqTimeout())) {
                outboundSubject = this.contextManager.getServerSubject();
                wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(outboundSubject);
            }
            byte[] credentialToken = wSCredentialFromSubject != null ? wSCredentialFromSubject.getCredentialToken() : new byte[0];
            arrayListToByteArray(wSCredentialFromSubject != null ? wSCredentialFromSubject.getGroupIds() : null);
            String clientUniqueIDForOutboundRequests = this.contextManager.getClientUniqueIDForOutboundRequests(outboundSubject);
            byte[] bytes = (!isPropagationEnabled() || clientUniqueIDForOutboundRequests == null) ? null : clientUniqueIDForOutboundRequests.getBytes();
            int length = bytes != null ? bytes.length : 0;
            if (credentialToken == null) {
                byte[] bArr = new byte[0];
            }
            if (PlatformHelperFactory.getPlatformHelper().isServantJvm()) {
                if (!((WSCredentialImpl) wSCredentialFromSubject).isServerCred() && wSCredentialFromSubject.getExpiration() != 0 && wSCredentialFromSubject.getExpiration() != -1 && !getWSCredTokenMapper().checkValidityOfAllTokens(outboundSubject)) {
                    throwNoPermission(null, SecurityMinorCodes.CREDENTIAL_TOKEN_EXPIRED);
                }
                if (isSAFRegistry()) {
                    i = getNscTokenFromSubject(outboundSubject);
                    if (i == 0 || !wSCredentialFromSubject.isUnauthenticated()) {
                    }
                }
            } else if (PlatformHelperFactory.getPlatformHelper().isClientJvm()) {
            }
        } catch (Exception e) {
            if (tc.isEventEnabled()) {
                Tr.event(tc, "Unexpected exception on outbound", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCurrentCredentials", new Integer(i));
        }
        return i;
    }

    private byte[] arrayListToByteArray(ArrayList arrayList) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "arrayListToByteArray", arrayList);
        }
        byte[] bArr = null;
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            new ObjectOutputStream(byteArrayOutputStream).writeObject(arrayList);
            bArr = byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to serialize list", e);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "arrayListToByteArray", bArr);
        }
        return bArr;
    }

    private boolean isPropagationEnabled() {
        if (PlatformHelperFactory.getPlatformHelper().isClientJvm()) {
            return false;
        }
        return WSSecurityPropagationHelper.getInstance().isRMIInboundPropagationEnabled() || WSSecurityPropagationHelper.getInstance().isWebInboundPropagationEnabled() || WSSecurityPropagationHelper.getInstance().isRMIOutboundPropagationEnabled();
    }

    private Subject getOutboundSubject() throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getOutboundSubject");
        }
        Subject invocationSubject = this.contextManager.getInvocationSubject();
        if (invocationSubject == null) {
            invocationSubject = this.contextManager.getCallerSubject();
        }
        if (invocationSubject == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Going outobund without credentials: ", new Exception("Traceback for debug"));
            }
            invocationSubject = getDefaultOutboundSubject();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getOutboundSubject", invocationSubject);
        }
        return invocationSubject;
    }

    private Subject getDefaultOutboundSubject() throws WSSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultOutboundSubject");
        }
        Subject serverSubject = (PlatformHelperFactory.getPlatformHelper().isControlJvm() && this.defaultControllerOutboundIsServer) ? this.contextManager.getServerSubject() : this.contextManager.createUnauthenticatedSubject();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDefaultOutboundSubject", serverSubject);
        }
        return serverSubject;
    }

    private void throwNoPermission(Throwable th, int i) throws NO_PERMISSION {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "throwNoPermission", new Object[]{th, new Integer(i)});
        }
        NO_PERMISSION no_permission = null;
        if (th instanceof WSLoginFailedException) {
            th = ((WSLoginFailedException) th).getCause();
        }
        if (th instanceof NO_PERMISSION) {
            no_permission = (NO_PERMISSION) th;
        }
        if (no_permission == null) {
            no_permission = new NO_PERMISSION(i, CompletionStatus.COMPLETED_NO);
            no_permission.initCause(th);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "throwNoPermission", no_permission);
        }
        throw no_permission;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$ibm$ws$security$localOSORB$SecurityORBImpl == null) {
            cls = class$("com.ibm.ws.security.localOSORB.SecurityORBImpl");
            class$com$ibm$ws$security$localOSORB$SecurityORBImpl = cls;
        } else {
            cls = class$com$ibm$ws$security$localOSORB$SecurityORBImpl;
        }
        tc = Tr.register(cls, "Security", "com.ibm.ejs.resources.security");
        soi = new SecurityORBImpl();
    }
}
